[chore] improve opengraph descripiton tag (#1550)
This changes parseDescription to properly encode things to be safe for usage without removing things like backslashes that may be relevant.

* text.SanitizePlaintext already calls html.UnescapeString so we don't have to do that
* Replace \n with space early
* Remove duplicate white-space by splitting on fields and joining
* HTML-escape the string we have
* For extra certainty, encode the backslash as \

Fixes #1549
parent
b6fbdc66c1
commit
074f352709
2 changed files with 54 additions and 4 deletions
|
@ -134,11 +134,11 @@ func parseTitle(account *apimodel.Account, accountDomain string) string {
|
||||||
// parseDescription returns a string description which is
|
// parseDescription returns a string description which is
|
||||||
// safe to use as a template.HTMLAttr inside templates.
|
// safe to use as a template.HTMLAttr inside templates.
|
||||||
func parseDescription(in string) string {
|
func parseDescription(in string) string {
|
||||||
i := html.UnescapeString(in)
|
i := text.SanitizePlaintext(in)
|
||||||
i = text.SanitizePlaintext(i)
|
|
||||||
i = strings.ReplaceAll(i, "\"", "'")
|
|
||||||
i = strings.ReplaceAll(i, `\`, "")
|
|
||||||
i = strings.ReplaceAll(i, "\n", " ")
|
i = strings.ReplaceAll(i, "\n", " ")
|
||||||
|
i = strings.Join(strings.Fields(i), " ")
|
||||||
|
i = html.EscapeString(i)
|
||||||
|
i = strings.ReplaceAll(i, `\`, "\")
|
||||||
i = trim(i, maxOGDescriptionLength)
|
i = trim(i, maxOGDescriptionLength)
|
||||||
return `content="` + i + `"`
|
return `content="` + i + `"`
|
||||||
}
|
}
|
||||||
|
|
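Review bot: `i = trim(i, maxOGDescriptionLength)` still runs after `i = html.EscapeString(i)`, so the length limit is applied to the escaped text and the cut can land inside an entity such as `&#34;` or `&amp;`, leaving a partial character reference as the last thing inside `content="…"`. trim's body is outside this hunk, so this assumes it cuts at a fixed offset without regard to entities. Trimming the plain text first keeps every entity whole: move `i = trim(i, maxOGDescriptionLength)` to sit directly after the `strings.Join(strings.Fields(i), " ")` line and before the escape call. Because the doc comment says the result is used as a template.HTMLAttr, which html/template emits without escaping it again, a comment on the escape line such as `// sole escaping step: the result is emitted verbatim as an attribute` would make that dependency explicit for the next editor.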
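--- a/internal/web/opengraph_test.go
+++ b/internal/web/opengraph_test.go
@@ -0,0 +1,50 @@
+/*
+GoToSocial
+Copyright (C) 2021-2023 GoToSocial Authors admin@gotosocial.org
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package web
+
+import (
+"fmt"
+"testing"
+
+"github.com/stretchr/testify/suite"
+)
+
+type OpenGraphTestSuite struct {
+suite.Suite
+}
+
+func (suite *OpenGraphTestSuite) TestParseDescription() {
+tests := []struct {
+name, in, exp string
+}{
+{name: "shellcmd", in: `echo '\e]8;;http://example.com\e\This is a link\e]8;;\e'`, exp: `echo '\e]8;;http://example.com\e\This is a link\e]8;;\e'`},
+{name: "newlines", in: "test\n\ntest\ntest", exp: "test test test"},
+}
+
+for _, tt := range tests {
+tt := tt
+suite.Run(tt.name, func() {
+suite.Equal(fmt.Sprintf("content=\"%s\"", tt.exp), parseDescription(tt.in))
+})
+}
+}
+
+func TestOpenGraphTestSuite(t *testing.T) {
+suite.Run(t, &OpenGraphTestSuite{})
+}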
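Review bot: Neither table case in TestParseDescription contains a double quote, `<`, `>` or `&`, so a regression that drops `html.EscapeString` from parseDescription would not be caught for the one character that can end the `content="…"` attribute early. A case such as `{name: "dquote", in: "a \"b\" c", exp: "a &#34;b&#34; c"}` would pin that; the expected value assumes text.SanitizePlaintext passes the quote through unchanged, which is not visible on this page. A second case with input longer than maxOGDescriptionLength would cover how trimming interacts with the escaped text. As rendered here the shellcmd case shows `exp` identical to `in`, which looks like the page decoding the expected entities, so that case cannot be checked from this view.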