Merge branch 'mastoapi-non-html-strings' into 'develop'

mastodon API: do not sanitize html in non-html fields See merge request pleroma/pleroma!2167
2020-02-06 16:08:23 +00:00 · 2020-02-06 16:08:23 +00:00 · df0b00b32d
commit df0b00b32d
parent e12bf05f23 983a87175e
6 changed files with 10 additions and 25 deletions
--- a/lib/pleroma/web/mastodon_api/views/account_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/account_view.ex
@ -67,7 +67,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
  end

  defp do_render("show.json", %{user: user} = opts) do
-    display_name = HTML.strip_tags(user.name || user.nickname)
+    display_name = user.name || user.nickname

    image = User.avatar_url(user) |> MediaProxy.url()
    header = User.banner_url(user) |> MediaProxy.url()
@ -105,7 +105,7 @@ defmodule Pleroma.Web.MastodonAPI.AccountView do
      |> User.fields()
      |> Enum.map(fn %{"name" => name, "value" => value} ->
        %{
-          "name" => Pleroma.HTML.strip_tags(name),
+          "name" => name,
          "value" => Pleroma.HTML.filter_tags(value, Pleroma.HTML.Scrubber.LinksOnly)
        }
      end)
--- a/lib/pleroma/web/mastodon_api/views/poll_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/poll_view.ex
@ -5,7 +5,6 @@
 defmodule Pleroma.Web.MastodonAPI.PollView do
  use Pleroma.Web, :view

-  alias Pleroma.HTML
  alias Pleroma.Web.CommonAPI.Utils

  def render("show.json", %{object: object, multiple: multiple, options: options} = params) do
@ -57,7 +56,7 @@ defmodule Pleroma.Web.MastodonAPI.PollView do
      current_count = option["replies"]["totalItems"] || 0

      {%{
-         title: HTML.strip_tags(name),
+         title: name,
         votes_count: current_count
       }, current_count + count}
    end)
--- a/lib/pleroma/web/mastodon_api/views/status_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/status_view.ex
@ -216,21 +216,6 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do

    summary = object.data["summary"] || ""

-    summary_html =
-      summary
-      |> HTML.get_cached_scrubbed_html_for_activity(
-        User.html_filter_policy(opts[:for]),
-        activity,
-        "mastoapi:summary"
-      )
-
-    summary_plaintext =
-      summary
-      |> HTML.get_cached_stripped_html_for_activity(
-        activity,
-        "mastoapi:summary"
-      )
-
    card = render("card.json", Pleroma.Web.RichMedia.Helpers.fetch_data_for_activity(activity))

    url =
@ -286,7 +271,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
      muted: thread_muted? || User.mutes?(opts[:for], user),
      pinned: pinned?(activity, user),
      sensitive: sensitive,
-      spoiler_text: summary_html,
+      spoiler_text: summary,
      visibility: get_visibility(object),
      media_attachments: attachments,
      poll: render(PollView, "show.json", object: object, for: opts[:for]),
@ -303,7 +288,7 @@ defmodule Pleroma.Web.MastodonAPI.StatusView do
        conversation_id: get_context_id(activity),
        in_reply_to_account_acct: reply_to_user && reply_to_user.nickname,
        content: %{"text/plain" => content_plaintext},
-        spoiler_text: %{"text/plain" => summary_plaintext},
+        spoiler_text: %{"text/plain" => summary},
        expires_at: expires_at,
        direct_conversation_id: direct_conversation_id,
        thread_muted: thread_muted?,