Merge branch 'mastoapi-non-html-strings' into 'develop'

mastodon API: do not sanitize html in non-html fields See merge request pleroma/pleroma!2167
2020-02-06 16:08:23 +00:00 · 2020-02-06 16:08:23 +00:00 · df0b00b32d
commit df0b00b32d
parent e12bf05f23 983a87175e
6 changed files with 10 additions and 25 deletions
--- a/test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs
+++ b/test/web/mastodon_api/controllers/account_controller/update_credentials_test.exs
@ -269,7 +269,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
        |> json_response(200)

      assert account_data["fields"] == [
-               %{"name" => "foo", "value" => "bar"},
+               %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"},
               %{"name" => "link", "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)}
             ]

@ -297,7 +297,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController.UpdateCredentialsTest do
        |> json_response(200)

      assert account["fields"] == [
-               %{"name" => "foo", "value" => "bar"},
+               %{"name" => "<a href=\"http://google.com\">foo</a>", "value" => "bar"},
               %{"name" => "link", "value" => ~S(<a href="http://cofe.io" rel="ugc">cofe.io</a>)}
             ]

--- a/test/web/mastodon_api/views/account_view_test.exs
+++ b/test/web/mastodon_api/views/account_view_test.exs
@ -368,10 +368,10 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do
    assert result.pleroma[:settings_store] == nil
  end

-  test "sanitizes display names" do
+  test "doesn't sanitize display names" do
    user = insert(:user, name: "<marquee> username </marquee>")
    result = AccountView.render("show.json", %{user: user})
-    refute result.display_name == "<marquee> username </marquee>"
+    assert result.display_name == "<marquee> username </marquee>"
  end

  test "never display nil user follow counts" do