diff --git a/internal/processing/media/create.go b/internal/processing/media/create.go index 0783bfae8..adc44a4ea 100644 --- a/internal/processing/media/create.go +++ b/internal/processing/media/create.go @@ -56,7 +56,7 @@ func (p *processor) Create(ctx context.Context, account *gtsmodel.Account, form CreatedAt: time.Now(), UpdatedAt: time.Now(), AccountID: account.ID, - Description: text.RemoveHTML(form.Description), + Description: text.SanitizeCaption(form.Description), FileMeta: gtsmodel.FileMeta{ Focus: gtsmodel.Focus{ X: focusx, diff --git a/internal/processing/media/update.go b/internal/processing/media/update.go index b3455bc91..42e050121 100644 --- a/internal/processing/media/update.go +++ b/internal/processing/media/update.go @@ -45,7 +45,7 @@ func (p *processor) Update(ctx context.Context, account *gtsmodel.Account, media } if form.Description != nil { - attachment.Description = text.RemoveHTML(*form.Description) + attachment.Description = text.SanitizeCaption(*form.Description) if err := p.db.UpdateByPrimaryKey(ctx, attachment); err != nil { return nil, gtserror.NewErrorInternalError(fmt.Errorf("database error updating description: %s", err)) } diff --git a/internal/text/caption.go b/internal/text/caption.go new file mode 100644 index 000000000..d1af33e53 --- /dev/null +++ b/internal/text/caption.go 
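Review bot: Only the local API write paths are switched to the new sanitizer here, `Description: text.SanitizeCaption(form.Description)` in `Create` and the matching assignment in the `Update` hunk of update.go. If an attachment description can reach the database any other way (for example from a remote instance), that path is not visible in this diff and should be confirmed to go through the same function. Sanitization runs once at write time, so rows stored before this change keep whatever `RemoveHTML` alone produced. I would add a short comment at both call sites, such as `// stored as plain text, not HTML: escape when rendering`. Both functions continue outside their hunks.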
@@ -0,0 +1,29 @@
+/*
+ GoToSocial
+ Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see .
+*/
+
+package text
+
+// SanitizeCaption runs image captions (or indeed any plain text) through basic sanitization.
+// It returns plain text rather than HTML, in contrast to other functions in this package.
+func SanitizeCaption(in string) string {
+ content := preformat(in)
+
+ content = RemoveHTML(content)
+
+ return postformat(content)
+}
diff --git a/internal/text/caption_test.go b/internal/text/caption_test.go
new file mode 100644
index 000000000..794c82bf5
--- /dev/null
+++ b/internal/text/caption_test.go
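Review bot: The doc comment on `SanitizeCaption` in internal/text/caption.go says the result is plain text, but it does not spell out what that means for callers. Presumably the string is not HTML-escaped, so it is only safe inside markup after output escaping. I would extend the comment with `// The returned string is not escaped for HTML; callers that render it into markup must escape it at output.` A further line should say what `preformat` and `postformat` contribute; both are defined outside this hunk, and the tests suggest they trim surrounding whitespace. It should also say whether entity-encoded markup is decoded before or after tags are stripped, because that order decides whether an encoded tag can survive as live markup.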
@@ -0,0 +1,82 @@ +/* + GoToSocial + Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +package text_test + +import ( + "testing" + + "github.com/stretchr/testify/suite" + "github.com/superseriousbusiness/gotosocial/internal/text" +) + +type CaptionTestSuite struct { + suite.Suite +} + +func (suite *CaptionTestSuite) TestSanitizeCaption1() { + dodgyCaption := "this is just a normal caption ;)" + sanitized := text.SanitizeCaption(dodgyCaption) + suite.Equal("this is just a normal caption ;)", sanitized) +} + +func (suite *CaptionTestSuite) TestSanitizeCaption2() { + dodgyCaption := "here's a LOUD caption" + sanitized := text.SanitizeCaption(dodgyCaption) + suite.Equal("here's a LOUD caption", sanitized) +} + +func (suite *CaptionTestSuite) TestSanitizeCaption3() { + dodgyCaption := "" + sanitized := text.SanitizeCaption(dodgyCaption) + suite.Equal("", sanitized) +} + +func (suite *CaptionTestSuite) TestSanitizeCaption4() { + dodgyCaption := ` + + +here is +a multi line +caption +with some newlines + + + +` + sanitized := text.SanitizeCaption(dodgyCaption) + suite.Equal("here is\na multi line\ncaption\nwith some newlines", sanitized) +} + +func (suite *CaptionTestSuite) TestSanitizeCaption5() { + // html-escaped: " hello world" + dodgyCaption := `<script>console.log('aha!')</script> hello world` + sanitized := 
text.SanitizeCaption(dodgyCaption) + suite.Equal("hello world", sanitized) +} + +func (suite *CaptionTestSuite) TestSanitizeCaption6() { + // html-encoded: " hello world" + dodgyCaption := `<script>console.log('aha!')</script> hello world` + sanitized := text.SanitizeCaption(dodgyCaption) + suite.Equal("hello world", sanitized) +} + +func TestCaptionTestSuite(t *testing.T) { + suite.Run(t, new(CaptionTestSuite)) +} diff --git a/internal/text/common_test.go b/internal/text/common_test.go index 19851956e..9d61b6113 100644 --- a/internal/text/common_test.go +++ b/internal/text/common_test.go @@ -25,8 +25,6 @@ import ( "github.com/stretchr/testify/suite" "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" - "github.com/superseriousbusiness/gotosocial/internal/text" - "github.com/superseriousbusiness/gotosocial/testrig" ) const ( @@ -74,30 +72,6 @@ type CommonTestSuite struct { TextStandardTestSuite } -func (suite *CommonTestSuite) SetupSuite() { - suite.testTokens = testrig.NewTestTokens() - suite.testClients = testrig.NewTestClients() - suite.testApplications = testrig.NewTestApplications() - suite.testUsers = testrig.NewTestUsers() - suite.testAccounts = testrig.NewTestAccounts() - suite.testAttachments = testrig.NewTestAttachments() - suite.testStatuses = testrig.NewTestStatuses() - suite.testTags = testrig.NewTestTags() - suite.testMentions = testrig.NewTestMentions() -} - -func (suite *CommonTestSuite) SetupTest() { - suite.config = testrig.NewTestConfig() - suite.db = testrig.NewTestDB() - suite.formatter = text.NewFormatter(suite.config, suite.db) - - testrig.StandardDBSetup(suite.db, nil) -} - -func (suite *CommonTestSuite) TearDownTest() { - testrig.StandardDBTeardown(suite.db) -} - func (suite *CommonTestSuite) TestReplaceMentions() { foundMentions := []*gtsmodel.Mention{ suite.testMentions["zork_mention_foss_satan"], diff --git a/internal/text/formatter_test.go b/internal/text/formatter_test.go index d01f1418e..8b4d176e2 100644 
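Review bot: The cases in `CaptionTestSuite` cover tags and entity-encoded tags, but none uses a caption that legitimately contains `<`, `>` or `&` as text. Nothing therefore pins whether `SanitizeCaption` preserves, drops or entity-encodes those characters. A case with an input like `dodgyCaption := "1 < 2 & 3 > 2"` (constructed sample) and the intended output asserted would settle that. A doubly-encoded tag and an unclosed tag are the other two inputs worth pinning, since a change in decode order inside the sanitizer would show up there first. Naming the methods after the behaviour they check, instead of `TestSanitizeCaption1` to `TestSanitizeCaption6`, would make a failure readable without opening the file.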
--- a/internal/text/formatter_test.go +++ b/internal/text/formatter_test.go @@ -24,9 +24,9 @@ import ( "github.com/superseriousbusiness/gotosocial/internal/db" "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" "github.com/superseriousbusiness/gotosocial/internal/text" + "github.com/superseriousbusiness/gotosocial/testrig" ) -// nolint type TextStandardTestSuite struct { // standard suite interfaces suite.Suite @@ -47,3 +47,27 @@ type TextStandardTestSuite struct { // module being tested formatter text.Formatter } + +func (suite *TextStandardTestSuite) SetupSuite() { + suite.testTokens = testrig.NewTestTokens() + suite.testClients = testrig.NewTestClients() + suite.testApplications = testrig.NewTestApplications() + suite.testUsers = testrig.NewTestUsers() + suite.testAccounts = testrig.NewTestAccounts() + suite.testAttachments = testrig.NewTestAttachments() + suite.testStatuses = testrig.NewTestStatuses() + suite.testTags = testrig.NewTestTags() + suite.testMentions = testrig.NewTestMentions() +} + +func (suite *TextStandardTestSuite) SetupTest() { + suite.config = testrig.NewTestConfig() + suite.db = testrig.NewTestDB() + suite.formatter = text.NewFormatter(suite.config, suite.db) + + testrig.StandardDBSetup(suite.db, nil) +} + +func (suite *TextStandardTestSuite) TearDownTest() { + testrig.StandardDBTeardown(suite.db) +} diff --git a/internal/text/link_test.go b/internal/text/link_test.go index 0709e4ad1..98143bdd4 100644 --- a/internal/text/link_test.go +++ b/internal/text/link_test.go @@ -25,7 +25,6 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" "github.com/superseriousbusiness/gotosocial/internal/text" - "github.com/superseriousbusiness/gotosocial/testrig" ) const text1 = ` 
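Review bot: The shared `SetupTest` added on `TextStandardTestSuite` calls `testrig.StandardDBSetup(suite.db, nil)`, but the `MarkdownTestSuite.SetupTest` removed in markdown_test.go passed `suite.testAccounts` as the second argument. Unless the two calls are equivalent, the markdown tests now run against a differently seeded database. The removed `LinkTestSuite.SetupSuite` also did not populate `suite.testMentions`, and the shared `SetupSuite` now does, which looks harmless. If passing `nil` for every suite is intended, a one-line comment on the shared `SetupTest` saying what `nil` selects would record that; this diff does not show what `StandardDBSetup` does with it.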
@@ -70,29 +69,6 @@ type LinkTestSuite struct { TextStandardTestSuite } -func (suite *LinkTestSuite) SetupSuite() { - suite.testTokens = testrig.NewTestTokens() - suite.testClients = testrig.NewTestClients() - suite.testApplications = testrig.NewTestApplications() - suite.testUsers = testrig.NewTestUsers() - suite.testAccounts = testrig.NewTestAccounts() - suite.testAttachments = testrig.NewTestAttachments() - suite.testStatuses = testrig.NewTestStatuses() - suite.testTags = testrig.NewTestTags() -} - -func (suite *LinkTestSuite) SetupTest() { - suite.config = testrig.NewTestConfig() - suite.db = testrig.NewTestDB() - suite.formatter = text.NewFormatter(suite.config, suite.db) - - testrig.StandardDBSetup(suite.db, nil) -} - -func (suite *LinkTestSuite) TearDownTest() { - testrig.StandardDBTeardown(suite.db) -} - func (suite *LinkTestSuite) TestParseSimple() { f := suite.formatter.FromPlain(context.Background(), simple, nil, nil) assert.Equal(suite.T(), simpleExpected, f) diff --git a/internal/text/markdown_test.go b/internal/text/markdown_test.go index 3faa69c08..0c55cba9c 100644 --- a/internal/text/markdown_test.go +++ b/internal/text/markdown_test.go @@ -25,8 +25,6 @@ import ( "github.com/stretchr/testify/suite" "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" - "github.com/superseriousbusiness/gotosocial/internal/text" - "github.com/superseriousbusiness/gotosocial/testrig" ) const ( 
@@ -67,30 +65,6 @@ type MarkdownTestSuite struct { TextStandardTestSuite } -func (suite *MarkdownTestSuite) SetupSuite() { - suite.testTokens = testrig.NewTestTokens() - suite.testClients = testrig.NewTestClients() - suite.testApplications = testrig.NewTestApplications() - suite.testUsers = testrig.NewTestUsers() - suite.testAccounts = testrig.NewTestAccounts() - suite.testAttachments = testrig.NewTestAttachments() - suite.testStatuses = testrig.NewTestStatuses() - suite.testTags = testrig.NewTestTags() - suite.testMentions = testrig.NewTestMentions() -} - -func (suite *MarkdownTestSuite) SetupTest() { - suite.config = testrig.NewTestConfig() - suite.db = testrig.NewTestDB() - suite.formatter = text.NewFormatter(suite.config, suite.db) - - testrig.StandardDBSetup(suite.db, suite.testAccounts) -} - -func (suite *MarkdownTestSuite) TearDownTest() { - testrig.StandardDBTeardown(suite.db) -} - func (suite *MarkdownTestSuite) TestParseSimple() { s := suite.formatter.FromMarkdown(context.Background(), simpleMarkdown, nil, nil) suite.Equal(simpleMarkdownExpected, s) diff --git a/internal/text/plain_test.go b/internal/text/plain_test.go index b353fb284..b8a50d3a1 100644 --- a/internal/text/plain_test.go +++ b/internal/text/plain_test.go @@ -26,8 +26,6 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" - "github.com/superseriousbusiness/gotosocial/internal/text" - "github.com/superseriousbusiness/gotosocial/testrig" ) const ( 
@@ -49,30 +47,6 @@ type PlainTestSuite struct { TextStandardTestSuite } -func (suite *PlainTestSuite) SetupSuite() { - suite.testTokens = testrig.NewTestTokens() - suite.testClients = testrig.NewTestClients() - suite.testApplications = testrig.NewTestApplications() - suite.testUsers = testrig.NewTestUsers() - suite.testAccounts = testrig.NewTestAccounts() - suite.testAttachments = testrig.NewTestAttachments() - suite.testStatuses = testrig.NewTestStatuses() - suite.testTags = testrig.NewTestTags() - suite.testMentions = testrig.NewTestMentions() -} - -func (suite *PlainTestSuite) SetupTest() { - suite.config = testrig.NewTestConfig() - suite.db = testrig.NewTestDB() - suite.formatter = text.NewFormatter(suite.config, suite.db) - - testrig.StandardDBSetup(suite.db, nil) -} - -func (suite *PlainTestSuite) TearDownTest() { - testrig.StandardDBTeardown(suite.db) -} - func (suite *PlainTestSuite) TestParseSimple() { f := suite.formatter.FromPlain(context.Background(), simple, nil, nil) assert.Equal(suite.T(), simpleExpected, f)