| author | 2022-11-16 13:13:31 +0100 | |
|---|---|---|
| committer | 2022-11-16 13:13:31 +0100 | |
| commit | 236ca9af6b66cfc0c20c4fd5a2b5c8c187bfe3f4 (patch) | |
| tree | c808cdec072ca3dc8af8ac65df44ff35bc5f52b2 | |
| parent | Updated TODO. (diff) | |
Call sanitize() as soon as possible.
| -rw-r--r-- | format.c | 6 | ||||
| -rw-r--r-- | html.c | 6 | ||||
| -rw-r--r-- | snac.h | 4 |
3 files changed, 7 insertions, 9 deletions
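--- a/format.c
+++ b/format.c
@@ -87,7 +87,7 @@ static d_char *format_line(const char *line)
 }
 
 
-d_char *not_really_markdown(char *content)
+d_char *not_really_markdown(const char *content)
 /* formats a content using some Markdown rules */
 {
 d_char *s = xs_str_new(NULL);
@@ -164,11 +164,11 @@ d_char *not_really_markdown(char *content)
 
 
 const char *valid_tags[] = {
-"a", "p", "br", "br/", "img", "blockquote", "ul", "li",
+"a", "p", "br", "br/", "blockquote", "ul", "li",
 "span", "i", "b", "pre", "code", "em", "strong", NULL
 };
 
-d_char *sanitize(d_char *content)
+d_char *sanitize(const char *content)
 /* cleans dangerous HTML output */
 {
 d_char *s = xs_str_new(NULL);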
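Review bot: `valid_tags` at line 166 is the allowlist that decides which remote HTML tags survive `sanitize()`, yet it carries no comment, and this hunk drops `"img"` from it without the commit message saying why. A comment above the array such as `/* allowlist of tags sanitize() lets through; "img" is deliberately absent */` would stop the entry from being re-added by accident; the reason for the removal should be confirmed with the author and recorded there. The array is also writable with external linkage, so if no other file references it (not visible from this page), `static const char * const valid_tags[]` would keep the allowlist from being modified at run time. The bodies of `not_really_markdown()` and `sanitize()` continue outside the hunks.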
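--- a/html.c
+++ b/html.c
@@ -627,7 +627,7 @@ d_char *html_entry(snac *snac, d_char *os, char *msg, xs_set *seen, int local, i
 }
 
 {
-xs *c = xs_dup(xs_dict_get(msg, "content"));
+xs *c = sanitize(xs_dict_get(msg, "content"));
 char *p, *v;
 
 /* do some tweaks to the content */
@@ -663,9 +663,7 @@ d_char *html_entry(snac *snac, d_char *os, char *msg, xs_set *seen, int local, i
 }
 }
 
-xs *sc = sanitize(c);
-
-s = xs_str_cat(s, sc);
+s = xs_str_cat(s, c);
 }
 
 s = xs_str_cat(s, "\n");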
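Review bot: Moving `sanitize()` to the top of this block means the string appended at new line 666 (`s = xs_str_cat(s, c);`) is no longer filtered after the "tweaks to the content" step, so sanitisation now covers only the raw `content` field. The tweak code (roughly lines 634–662) lies outside both hunks; if it splices values taken from `msg` into markup, each such value now needs escaping or validation at the point of insertion, since nothing downstream will strip it. It is also worth confirming that `sanitize()` tolerates a NULL argument, because `xs_dict_get(msg, "content")` is passed to it unchecked here. A comment at line 630 such as `/* sanitized here; everything added to c below must already be safe HTML */` would record the invariant.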
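--- a/snac.h
+++ b/snac.h
@@ -135,8 +135,8 @@ int activitypub_post_handler(d_char *req, char *q_path,
 char *payload, int p_size,
 char **body, int *b_size, char **ctype);
 
-d_char *not_really_markdown(char *content);
-d_char *sanitize(d_char *str);
+d_char *not_really_markdown(const char *content);
+d_char *sanitize(const char *str);
 
 int html_get_handler(d_char *req, char *q_path, char **body, int *b_size, char **ctype);
 int html_post_handler(d_char *req, char *q_path, d_char *payload, int p_size,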