closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7541 Commits
4 Branches
567 MiB
Tree: fea903f574
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fea903f574'
${ noResults }
mastodon/app/lib/formatter.rb

303 lines
9.2 KiB
Raw Normal View History

Fix rubocop issues, introduce usage of frozen literal to improve performance
7 years ago
Refactored generation of unique tags, URIs and object URLs into own classes, as well as formatting of content
7 years ago
OEmbed support for PreviewCard (#2337) * OEmbed support for PreviewCard * Improve ProviderDiscovery code failure treatment * Do not crawl links if there is a content warning, since those don't display a link card anyway * Reset db schema * Fresh migrate * Fix rubocop style issues Fix #1681 - return existing access token when applicable instead of creating new * Fix test * Extract http client to helper * Improve oembed controller
7 years ago
Refactored generation of unique tags, URIs and object URLs into own classes, as well as formatting of content
7 years ago
Adding hashtags
7 years ago
Refactored generation of unique tags, URIs and object URLs into own classes, as well as formatting of content
7 years ago
Using double splat operator (#5859)
6 years ago
Prepend reblogs' wrapper content with "RT @original_author", (#3013) so that when a reblog parse fails on another instance, it doesn't look like a misattributed/stolen text
7 years ago
Remove some arguments of Formatter.instance.format and spec (#3541) * Remove some arguments of Formatter.instance.format * Improve spec for Formatter
7 years ago
Refactored generation of unique tags, URIs and object URLs into own classes, as well as formatting of content
7 years ago
Rename :poll to :preloadable_poll and :owned_poll to :poll on Status (#10401) Also, fix some n+1 queries Resolve #10365
5 years ago
When serializing polls over OStatus, serialize poll options to text (#10160) * When serializing polls over OStatus, serialize poll options to text * Do the same for RSS feeds * Use “[ ] ” as a prefix for poll options instead of “- ”
5 years ago
Remove text requirement when media attached from statuses (#6672)
6 years ago
Custom emoji (#4988) * Custom emoji - In OStatus: `<link rel="emoji" name="coolcat" href="http://..." />` - In ActivityPub: `{ type: "Emoji", name: ":coolcat:", href: "http://..." }` - In REST API: Status object includes `emojis` array (`shortcode`, `url`) - Domain blocks with reject media stop emojis - Emoji file up to 50KB - Web UI handles custom emojis - Static pages render custom emojis as `<img />` tags Side effects: - Undo #4500 optimization, as I needed to modify it to restore shortcode handling in emojify() - Formatter#plaintext should now make sure stripped out line-breaks and paragraphs are replaced with newlines * Fix emoji at the start not being converted
6 years ago
Add animate custom emoji param to embed pages (#8507) * Add animate custom emoji param to embed pages * Rename param, use it for avatars and gifs * Fix issues pointed by codeclimate and breaking test * Ignore brakeman warning
5 years ago
Fix non-local statuses are html_encoded in public_page. (#5012)
6 years ago
Custom emoji (#4988) * Custom emoji - In OStatus: `<link rel="emoji" name="coolcat" href="http://..." />` - In ActivityPub: `{ type: "Emoji", name: ":coolcat:", href: "http://..." }` - In REST API: Status object includes `emojis` array (`shortcode`, `url`) - Domain blocks with reject media stop emojis - Emoji file up to 50KB - Web UI handles custom emojis - Static pages render custom emojis as `<img />` tags Side effects: - Undo #4500 optimization, as I needed to modify it to restore shortcode handling in emojify() - Formatter#plaintext should now make sure stripped out line-breaks and paragraphs are replaced with newlines * Fix emoji at the start not being converted
6 years ago
use Twitter::Extractor for creating links (#2502)
7 years ago
Improve support for aspects/circles (#8950) * Add silent column to mentions * Save silent mentions in ActivityPub Create handler and optimize it Move networking calls out of the database transaction * Add "limited" visibility level masked as "private" in the API Unlike DMs, limited statuses are pushed into home feeds. The access control rules between direct and limited statuses is almost the same, except for counter and conversation logic * Ensure silent column is non-null, add spec * Ensure filters don't check silent mentions for blocks/mutes As those are "this person is also allowed to see" rather than "this person is involved", therefore does not warrant filtering * Clean up code * Use Status#active_mentions to limit returned mentions * Fix code style issues * Use Status#active_mentions in Notification And remove stream_entry eager-loading from Notification
5 years ago
Prepend reblogs' wrapper content with "RT @original_author", (#3013) so that when a reblog parse fails on another instance, it doesn't look like a misattributed/stolen text
7 years ago
Fix regressions from #2683 (#2970) * Fix regressions from #2683 Properly format spoiler text HTML, while keeping old logic for blankness intact Process hashtags and mentions in spoiler text Format spoiler text for Atom Change "show more" toggle into a button instead of anchor Fix style regression on dropdowns for detailed statuses * Fix lint issue * Convert spoiler text to plaintext in desktop notifications
7 years ago
Prepend reblogs' wrapper content with "RT @original_author", (#3013) so that when a reblog parse fails on another instance, it doesn't look like a misattributed/stolen text
7 years ago
Add animate custom emoji param to embed pages (#8507) * Add animate custom emoji param to embed pages * Rename param, use it for avatars and gifs * Fix issues pointed by codeclimate and breaking test * Ignore brakeman warning
5 years ago
Remove some arguments of Formatter.instance.format and spec (#3541) * Remove some arguments of Formatter.instance.format * Improve spec for Formatter
7 years ago
Change usage of gsub to delete, as per Code Climate/Rubocop recommendation (#1753)
7 years ago
Refactored generation of unique tags, URIs and object URLs into own classes, as well as formatting of content
7 years ago
Fix rubocop issues, introduce usage of frozen literal to improve performance
7 years ago
Refactored generation of unique tags, URIs and object URLs into own classes, as well as formatting of content
7 years ago
Account notes (bios) can now contain links. Character limit upped to 160
7 years ago
Fix non-local statuses are html_encoded in public_page. (#5012)
6 years ago
Account notes (bios) can now contain links. Character limit upped to 160
7 years ago
Add digest e-mails
7 years ago
Custom emoji (#4988) * Custom emoji - In OStatus: `<link rel="emoji" name="coolcat" href="http://..." />` - In ActivityPub: `{ type: "Emoji", name: ":coolcat:", href: "http://..." }` - In REST API: Status object includes `emojis` array (`shortcode`, `url`) - Domain blocks with reject media stop emojis - Emoji file up to 50KB - Web UI handles custom emojis - Static pages render custom emojis as `<img />` tags Side effects: - Undo #4500 optimization, as I needed to modify it to restore shortcode handling in emojify() - Formatter#plaintext should now make sure stripped out line-breaks and paragraphs are replaced with newlines * Fix emoji at the start not being converted
6 years ago
Add digest e-mails
7 years ago
[WIP] Enable custom emoji on account pages and in the sidebar (#6124) Federate custom emojis with accounts
6 years ago
Add entity cache (#7271) * Add entity cache Use a caching layer for mentions and custom emojis that are dynamically extracted from text. Reduce duplicate text extractions * Fix code style issue
6 years ago
Add animate custom emoji param to embed pages (#8507) * Add animate custom emoji param to embed pages * Rename param, use it for avatars and gifs * Fix issues pointed by codeclimate and breaking test * Ignore brakeman warning
5 years ago
[WIP] Enable custom emoji on account pages and in the sidebar (#6124) Federate custom emojis with accounts
6 years ago
Refactored generation of unique tags, URIs and object URLs into own classes, as well as formatting of content
7 years ago
OEmbed support for PreviewCard (#2337) * OEmbed support for PreviewCard * Improve ProviderDiscovery code failure treatment * Do not crawl links if there is a content warning, since those don't display a link card anyway * Reset db schema * Fresh migrate * Fix rubocop style issues Fix #1681 - return existing access token when applicable instead of creating new * Fix test * Extract http client to helper * Improve oembed controller
7 years ago
Fix autoplay issue with spoiler tag (#8540) Add tests to avoid similar issues in the future
5 years ago
Fix custom emojis not detected when used in content warning (#5049)
6 years ago
Add animate custom emoji param to embed pages (#8507) * Add animate custom emoji param to embed pages * Rename param, use it for avatars and gifs * Fix issues pointed by codeclimate and breaking test * Ignore brakeman warning
5 years ago
Fix custom emojis not detected when used in content warning (#5049)
6 years ago
Add support for custom emojis in poll options (#10322) * Backend changes for custom emoji support in poll options * Serialize poll emojis in REST API * Render custom emojis in poll options * Render custom emoji in poll options on public pages
5 years ago
Enable custom emojis in profiles (notes, field values, display names) (#7374) Follow-up to #6124
6 years ago
Add animate custom emoji param to embed pages (#8507) * Add animate custom emoji param to embed pages * Rename param, use it for avatars and gifs * Fix issues pointed by codeclimate and breaking test * Ignore brakeman warning
5 years ago
Enable custom emojis in profiles (notes, field values, display names) (#7374) Follow-up to #6124
6 years ago
Add bio fields (#6645) * Add bio fields - Fix #3211 - Fix #232 - Fix #121 * Display bio fields in web UI * Fix output of links and missing fields * Federate bio fields over ActivityPub as PropertyValue * Improve how the fields are stored, add to Edit profile form * Add rel=me to links in fields Fix #121
6 years ago
Enable custom emojis in profiles (notes, field values, display names) (#7374) Follow-up to #6124
6 years ago
Add animate custom emoji param to embed pages (#8507) * Add animate custom emoji param to embed pages * Rename param, use it for avatars and gifs * Fix issues pointed by codeclimate and breaking test * Ignore brakeman warning
5 years ago
Enable custom emojis in profiles (notes, field values, display names) (#7374) Follow-up to #6124
6 years ago
Add bio fields (#6645) * Add bio fields - Fix #3211 - Fix #232 - Fix #121 * Display bio fields in web UI * Fix output of links and missing fields * Federate bio fields over ActivityPub as PropertyValue * Improve how the fields are stored, add to Edit profile form * Add rel=me to links in fields Fix #121
6 years ago
Add semi-support for Video/Image objects in ActivityPub (#5848) * Add semi-support for Video/Image objects in ActivityPub Video and Image objects will create corresponding status records with manually crafted text contents (title + URL) * Extract html-url-finding logic into JsonLdHelper * Fallback to id when url missing, extract supported object types
6 years ago
Refactored generation of unique tags, URIs and object URLs into own classes, as well as formatting of content
7 years ago
Improve signature verification safeguards (#8959) * Downcase signed_headers string before building the signed string The HTTP Signatures draft does not mandate the “headers” field to be downcased, but mandates the header field names to be downcased in the signed string, which means that prior to this patch, Mastodon could fail to process signatures from some compliant clients. It also means that it would not actually check the Digest of non-compliant clients that wouldn't use a lowercased Digest field name. Thankfully, I don't know of any such client. * Revert "Remove dead code (#8919)" This reverts commit a00ce8c92c06f42109aad5cfe65d46862cf037bb. * Restore time window checking, change it to 12 hours By checking the Date header, we can prevent replaying old vulnerable signatures. The focus is to prevent replaying old vulnerable requests from software that has been fixed in the meantime, so a somewhat long window should be fine and accounts for timezone misconfiguration. * Escape users' URLs when formatting them Fixes possible HTML injection * Escape all string interpolations in Formatter class Slightly improve performance by reducing class allocations from repeated Formatter#encode calls * Fix code style issues
5 years ago
Refactored generation of unique tags, URIs and object URLs into own classes, as well as formatting of content
7 years ago
Improve signature verification safeguards (#8959) * Downcase signed_headers string before building the signed string The HTTP Signatures draft does not mandate the “headers” field to be downcased, but mandates the header field names to be downcased in the signed string, which means that prior to this patch, Mastodon could fail to process signatures from some compliant clients. It also means that it would not actually check the Digest of non-compliant clients that wouldn't use a lowercased Digest field name. Thankfully, I don't know of any such client. * Revert "Remove dead code (#8919)" This reverts commit a00ce8c92c06f42109aad5cfe65d46862cf037bb. * Restore time window checking, change it to 12 hours By checking the Date header, we can prevent replaying old vulnerable signatures. The focus is to prevent replaying old vulnerable requests from software that has been fixed in the meantime, so a somewhat long window should be fine and accounts for timezone misconfiguration. * Escape users' URLs when formatting them Fixes possible HTML injection * Escape all string interpolations in Formatter class Slightly improve performance by reducing class allocations from repeated Formatter#encode calls * Fix code style issues
5 years ago
Refactored generation of unique tags, URIs and object URLs into own classes, as well as formatting of content
7 years ago
Add bio fields (#6645) * Add bio fields - Fix #3211 - Fix #232 - Fix #121 * Display bio fields in web UI * Fix output of links and missing fields * Federate bio fields over ActivityPub as PropertyValue * Improve how the fields are stored, add to Edit profile form * Add rel=me to links in fields Fix #121
6 years ago
Allow most kinds of characters in URL query (fixes #8408) (#8447) * Allow unicode characters in URL query strings Fixes #8408 * Alternative approach to unicode support in urls Adds PoC/idea to approch this problem.
5 years ago
use Twitter::Extractor for creating links (#2502)
7 years ago
Add bio fields (#6645) * Add bio fields - Fix #3211 - Fix #232 - Fix #121 * Display bio fields in web UI * Fix output of links and missing fields * Federate bio fields over ActivityPub as PropertyValue * Improve how the fields are stored, add to Edit profile form * Add rel=me to links in fields Fix #121
6 years ago
use Twitter::Extractor for creating links (#2502)
7 years ago
Add bio fields (#6645) * Add bio fields - Fix #3211 - Fix #232 - Fix #121 * Display bio fields in web UI * Fix output of links and missing fields * Federate bio fields over ActivityPub as PropertyValue * Improve how the fields are stored, add to Edit profile form * Add rel=me to links in fields Fix #121
6 years ago
use Twitter::Extractor for creating links (#2502)
7 years ago
Prepend reblogs' wrapper content with "RT @original_author", (#3013) so that when a reblog parse fails on another instance, it doesn't look like a misattributed/stolen text
7 years ago
use Twitter::Extractor for creating links (#2502)
7 years ago
Fix html escape characters in the URL (#2138) * fix character escaping in URL * add tests * put a comma after the last item * add HTML escape test
7 years ago
Avoid emojifying on invisible text (#5558)
6 years ago
Add animate custom emoji param to embed pages (#8507) * Add animate custom emoji param to embed pages * Rename param, use it for avatars and gifs * Fix issues pointed by codeclimate and breaking test * Ignore brakeman warning
5 years ago
Custom emoji (#4988) * Custom emoji - In OStatus: `<link rel="emoji" name="coolcat" href="http://..." />` - In ActivityPub: `{ type: "Emoji", name: ":coolcat:", href: "http://..." }` - In REST API: Status object includes `emojis` array (`shortcode`, `url`) - Domain blocks with reject media stop emojis - Emoji file up to 50KB - Web UI handles custom emojis - Static pages render custom emojis as `<img />` tags Side effects: - Undo #4500 optimization, as I needed to modify it to restore shortcode handling in emojify() - Formatter#plaintext should now make sure stripped out line-breaks and paragraphs are replaced with newlines * Fix emoji at the start not being converted
6 years ago
Play animated custom emoji on hover (#11348) * Play animated custom emoji on hover in status * Play animated custom emoji on hover in display names * Play animated custom emoji on hover in bios/bio fields * Add support for animation on hover on public pages emojis too * Fix tests * Code style cleanup
4 years ago
Custom emoji (#4988) * Custom emoji - In OStatus: `<link rel="emoji" name="coolcat" href="http://..." />` - In ActivityPub: `{ type: "Emoji", name: ":coolcat:", href: "http://..." }` - In REST API: Status object includes `emojis` array (`shortcode`, `url`) - Domain blocks with reject media stop emojis - Emoji file up to 50KB - Web UI handles custom emojis - Static pages render custom emojis as `<img />` tags Side effects: - Undo #4500 optimization, as I needed to modify it to restore shortcode handling in emojify() - Formatter#plaintext should now make sure stripped out line-breaks and paragraphs are replaced with newlines * Fix emoji at the start not being converted
6 years ago
Avoid emojifying on invisible text (#5558)
6 years ago
Custom emoji (#4988) * Custom emoji - In OStatus: `<link rel="emoji" name="coolcat" href="http://..." />` - In ActivityPub: `{ type: "Emoji", name: ":coolcat:", href: "http://..." }` - In REST API: Status object includes `emojis` array (`shortcode`, `url`) - Domain blocks with reject media stop emojis - Emoji file up to 50KB - Web UI handles custom emojis - Static pages render custom emojis as `<img />` tags Side effects: - Undo #4500 optimization, as I needed to modify it to restore shortcode handling in emojify() - Formatter#plaintext should now make sure stripped out line-breaks and paragraphs are replaced with newlines * Fix emoji at the start not being converted
6 years ago
Avoid emojifying on invisible text (#5558)
6 years ago
Custom emoji (#4988) * Custom emoji - In OStatus: `<link rel="emoji" name="coolcat" href="http://..." />` - In ActivityPub: `{ type: "Emoji", name: ":coolcat:", href: "http://..." }` - In REST API: Status object includes `emojis` array (`shortcode`, `url`) - Domain blocks with reject media stop emojis - Emoji file up to 50KB - Web UI handles custom emojis - Static pages render custom emojis as `<img />` tags Side effects: - Undo #4500 optimization, as I needed to modify it to restore shortcode handling in emojify() - Formatter#plaintext should now make sure stripped out line-breaks and paragraphs are replaced with newlines * Fix emoji at the start not being converted
6 years ago
Avoid emojifying on invisible text (#5558)
6 years ago
Custom emoji (#4988) * Custom emoji - In OStatus: `<link rel="emoji" name="coolcat" href="http://..." />` - In ActivityPub: `{ type: "Emoji", name: ":coolcat:", href: "http://..." }` - In REST API: Status object includes `emojis` array (`shortcode`, `url`) - Domain blocks with reject media stop emojis - Emoji file up to 50KB - Web UI handles custom emojis - Static pages render custom emojis as `<img />` tags Side effects: - Undo #4500 optimization, as I needed to modify it to restore shortcode handling in emojify() - Formatter#plaintext should now make sure stripped out line-breaks and paragraphs are replaced with newlines * Fix emoji at the start not being converted
6 years ago
Play animated custom emoji on hover (#11348) * Play animated custom emoji on hover in status * Play animated custom emoji on hover in display names * Play animated custom emoji on hover in bios/bio fields * Add support for animation on hover on public pages emojis too * Fix tests * Code style cleanup
4 years ago
Custom emoji (#4988) * Custom emoji - In OStatus: `<link rel="emoji" name="coolcat" href="http://..." />` - In ActivityPub: `{ type: "Emoji", name: ":coolcat:", href: "http://..." }` - In REST API: Status object includes `emojis` array (`shortcode`, `url`) - Domain blocks with reject media stop emojis - Emoji file up to 50KB - Web UI handles custom emojis - Static pages render custom emojis as `<img />` tags Side effects: - Undo #4500 optimization, as I needed to modify it to restore shortcode handling in emojify() - Formatter#plaintext should now make sure stripped out line-breaks and paragraphs are replaced with newlines * Fix emoji at the start not being converted
6 years ago
Avoid emojifying on invisible text (#5558)
6 years ago
Custom emoji (#4988) * Custom emoji - In OStatus: `<link rel="emoji" name="coolcat" href="http://..." />` - In ActivityPub: `{ type: "Emoji", name: ":coolcat:", href: "http://..." }` - In REST API: Status object includes `emojis` array (`shortcode`, `url`) - Domain blocks with reject media stop emojis - Emoji file up to 50KB - Web UI handles custom emojis - Static pages render custom emojis as `<img />` tags Side effects: - Undo #4500 optimization, as I needed to modify it to restore shortcode handling in emojify() - Formatter#plaintext should now make sure stripped out line-breaks and paragraphs are replaced with newlines * Fix emoji at the start not being converted
6 years ago
Avoid emojifying on invisible text (#5558)
6 years ago
Custom emoji (#4988) * Custom emoji - In OStatus: `<link rel="emoji" name="coolcat" href="http://..." />` - In ActivityPub: `{ type: "Emoji", name: ":coolcat:", href: "http://..." }` - In REST API: Status object includes `emojis` array (`shortcode`, `url`) - Domain blocks with reject media stop emojis - Emoji file up to 50KB - Web UI handles custom emojis - Static pages render custom emojis as `<img />` tags Side effects: - Undo #4500 optimization, as I needed to modify it to restore shortcode handling in emojify() - Formatter#plaintext should now make sure stripped out line-breaks and paragraphs are replaced with newlines * Fix emoji at the start not being converted
6 years ago
Avoid emojifying on invisible text (#5558)
6 years ago
Custom emoji (#4988) * Custom emoji - In OStatus: `<link rel="emoji" name="coolcat" href="http://..." />` - In ActivityPub: `{ type: "Emoji", name: ":coolcat:", href: "http://..." }` - In REST API: Status object includes `emojis` array (`shortcode`, `url`) - Domain blocks with reject media stop emojis - Emoji file up to 50KB - Web UI handles custom emojis - Static pages render custom emojis as `<img />` tags Side effects: - Undo #4500 optimization, as I needed to modify it to restore shortcode handling in emojify() - Formatter#plaintext should now make sure stripped out line-breaks and paragraphs are replaced with newlines * Fix emoji at the start not being converted
6 years ago
use Twitter::Extractor for creating links (#2502)
7 years ago
Minor performance improvements and cleanup in formatter (#10765)
5 years ago
Fix html escape characters in the URL (#2138) * fix character escaping in URL * add tests * put a comma after the last item * add HTML escape test
7 years ago
Prepend reblogs' wrapper content with "RT @original_author", (#3013) so that when a reblog parse fails on another instance, it doesn't look like a misattributed/stolen text
7 years ago
use Twitter::Extractor for creating links (#2502)
7 years ago
Prepend reblogs' wrapper content with "RT @original_author", (#3013) so that when a reblog parse fails on another instance, it doesn't look like a misattributed/stolen text
7 years ago
Fix html escape characters in the URL (#2138) * fix character escaping in URL * add tests * put a comma after the last item * add HTML escape test
7 years ago
use Twitter::Extractor for creating links (#2502)
7 years ago
Minor performance improvements and cleanup in formatter (#10765)
5 years ago
use Twitter::Extractor for creating links (#2502)
7 years ago
Fix html escape characters in the URL (#2138) * fix character escaping in URL * add tests * put a comma after the last item * add HTML escape test
7 years ago
Prepend reblogs' wrapper content with "RT @original_author", (#3013) so that when a reblog parse fails on another instance, it doesn't look like a misattributed/stolen text
7 years ago
Minor performance improvements and cleanup in formatter (#10765)
5 years ago
Fix html escape characters in the URL (#2138) * fix character escaping in URL * add tests * put a comma after the last item * add HTML escape test
7 years ago
use Twitter::Extractor for creating links (#2502)
7 years ago
Refactored generation of unique tags, URIs and object URLs into own classes, as well as formatting of content
7 years ago
Fix URL linkifier grabbing full-width spaces and quotations (#9997) Fix #9993 Fix #5654
5 years ago
Allow most kinds of characters in URL query (fixes #8408) (#8447) * Allow unicode characters in URL query strings Fixes #8408 * Alternative approach to unicode support in urls Adds PoC/idea to approch this problem.
5 years ago
Fix URL linkifier grabbing full-width spaces and quotations (#9997) Fix #9993 Fix #5654
5 years ago
Allow most kinds of characters in URL query (fixes #8408) (#8447) * Allow unicode characters in URL query strings Fixes #8408 * Alternative approach to unicode support in urls Adds PoC/idea to approch this problem.
5 years ago
Fix URL linkifier grabbing full-width spaces and quotations (#9997) Fix #9993 Fix #5654
5 years ago
Allow most kinds of characters in URL query (fixes #8408) (#8447) * Allow unicode characters in URL query strings Fixes #8408 * Alternative approach to unicode support in urls Adds PoC/idea to approch this problem.
5 years ago
Only URLs extract with pre-escaped text (#9991) * [test] add japanese hashtag testcase * Only URLs extract with pre-escaped text ( https://github.com/tootsuite/mastodon/issues/9989 )
5 years ago
Allow most kinds of characters in URL query (fixes #8408) (#8447) * Allow unicode characters in URL query strings Fixes #8408 * Alternative approach to unicode support in urls Adds PoC/idea to approch this problem.
5 years ago
Minor performance improvements and cleanup in formatter (#10765)
5 years ago
Allow most kinds of characters in URL query (fixes #8408) (#8447) * Allow unicode characters in URL query strings Fixes #8408 * Alternative approach to unicode support in urls Adds PoC/idea to approch this problem.
5 years ago
Add bio fields (#6645) * Add bio fields - Fix #3211 - Fix #232 - Fix #121 * Display bio fields in web UI * Fix output of links and missing fields * Federate bio fields over ActivityPub as PropertyValue * Improve how the fields are stored, add to Edit profile form * Add rel=me to links in fields Fix #121
6 years ago
Don't normalize URLs in toots (#6134) * Don't normalize URLs in toots URL normalization is ill-defined and may cause certain links to break. * Change specs since we are not normalizing user-provided URLs
6 years ago
Prepend reblogs' wrapper content with "RT @original_author", (#3013) so that when a reblog parse fails on another instance, it doesn't look like a misattributed/stolen text
7 years ago
Add bio fields (#6645) * Add bio fields - Fix #3211 - Fix #232 - Fix #121 * Display bio fields in web UI * Fix output of links and missing fields * Federate bio fields over ActivityPub as PropertyValue * Improve how the fields are stored, add to Edit profile form * Add rel=me to links in fields Fix #121
6 years ago
Don't normalize URLs in toots (#6134) * Don't normalize URLs in toots URL normalization is ill-defined and may cause certain links to break. * Change specs since we are not normalizing user-provided URLs
6 years ago
Don't normalize invalid domain names (#4499) Fixes #4496
6 years ago
Fixed bug that timeline can not be displayed by InvalidURIError (#2947)
7 years ago
Refactored generation of unique tags, URIs and object URLs into own classes, as well as formatting of content
7 years ago
Prepend reblogs' wrapper content with "RT @original_author", (#3013) so that when a reblog parse fails on another instance, it doesn't look like a misattributed/stolen text
7 years ago
use Twitter::Extractor for creating links (#2502)
7 years ago
Prepend reblogs' wrapper content with "RT @original_author", (#3013) so that when a reblog parse fails on another instance, it doesn't look like a misattributed/stolen text
7 years ago
Improve signature verification safeguards (#8959) * Downcase signed_headers string before building the signed string The HTTP Signatures draft does not mandate the “headers” field to be downcased, but mandates the header field names to be downcased in the signed string, which means that prior to this patch, Mastodon could fail to process signatures from some compliant clients. It also means that it would not actually check the Digest of non-compliant clients that wouldn't use a lowercased Digest field name. Thankfully, I don't know of any such client. * Revert "Remove dead code (#8919)" This reverts commit a00ce8c92c06f42109aad5cfe65d46862cf037bb. * Restore time window checking, change it to 12 hours By checking the Date header, we can prevent replaying old vulnerable signatures. The focus is to prevent replaying old vulnerable requests from software that has been fixed in the meantime, so a somewhat long window should be fine and accounts for timezone misconfiguration. * Escape users' URLs when formatting them Fixes possible HTML injection * Escape all string interpolations in Formatter class Slightly improve performance by reducing class allocations from repeated Formatter#encode calls * Fix code style issues
5 years ago
use Twitter::Extractor for creating links (#2502)
7 years ago
Fix #408 - link @ names in bios
7 years ago
use Twitter::Extractor for creating links (#2502)
7 years ago
Prepend reblogs' wrapper content with "RT @original_author", (#3013) so that when a reblog parse fails on another instance, it doesn't look like a misattributed/stolen text
7 years ago
Add entity cache (#7271) * Add entity cache Use a caching layer for mentions and custom emojis that are dynamically extracted from text. Reduce duplicate text extractions * Fix code style issue
6 years ago
Prepend reblogs' wrapper content with "RT @original_author", (#3013) so that when a reblog parse fails on another instance, it doesn't look like a misattributed/stolen text
7 years ago
Improve signature verification safeguards (#8959) * Downcase signed_headers string before building the signed string The HTTP Signatures draft does not mandate the “headers” field to be downcased, but mandates the header field names to be downcased in the signed string, which means that prior to this patch, Mastodon could fail to process signatures from some compliant clients. It also means that it would not actually check the Digest of non-compliant clients that wouldn't use a lowercased Digest field name. Thankfully, I don't know of any such client. * Revert "Remove dead code (#8919)" This reverts commit a00ce8c92c06f42109aad5cfe65d46862cf037bb. * Restore time window checking, change it to 12 hours By checking the Date header, we can prevent replaying old vulnerable signatures. The focus is to prevent replaying old vulnerable requests from software that has been fixed in the meantime, so a somewhat long window should be fine and accounts for timezone misconfiguration. * Escape users' URLs when formatting them Fixes possible HTML injection * Escape all string interpolations in Formatter class Slightly improve performance by reducing class allocations from repeated Formatter#encode calls * Fix code style issues
5 years ago
Fix #408 - link @ names in bios
7 years ago
use Twitter::Extractor for creating links (#2502)
7 years ago
Adding hashtag model
7 years ago
Fix #365, 1/2 of #408 - replace rails_autolink with URI.regexp, run link_hashtags on simplified_format
7 years ago
Enable to recognize most kinds of characters as URL paths (#4941)
6 years ago
Fix #204, fix #515 - URL truncating is now a style so copypasting is not affected, replaced onClick handler with onMouseUp/Down to detect text selection not trigger onClick handler then
7 years ago
Fix showing ellipsis even when link hasn't been cut off
7 years ago
Fix #204, fix #515 - URL truncating is now a style so copypasting is not affected, replaced onClick handler with onMouseUp/Down to detect text selection not trigger onClick handler then
7 years ago
Escape URL parts on formatting local status (#4975)
6 years ago
Fix #365, 1/2 of #408 - replace rails_autolink with URI.regexp, run link_hashtags on simplified_format
7 years ago
use Twitter::Extractor for creating links (#2502)
7 years ago
Improve signature verification safeguards (#8959) * Downcase signed_headers string before building the signed string The HTTP Signatures draft does not mandate the “headers” field to be downcased, but mandates the header field names to be downcased in the signed string, which means that prior to this patch, Mastodon could fail to process signatures from some compliant clients. It also means that it would not actually check the Digest of non-compliant clients that wouldn't use a lowercased Digest field name. Thankfully, I don't know of any such client. * Revert "Remove dead code (#8919)" This reverts commit a00ce8c92c06f42109aad5cfe65d46862cf037bb. * Restore time window checking, change it to 12 hours By checking the Date header, we can prevent replaying old vulnerable signatures. The focus is to prevent replaying old vulnerable requests from software that has been fixed in the meantime, so a somewhat long window should be fine and accounts for timezone misconfiguration. * Escape users' URLs when formatting them Fixes possible HTML injection * Escape all string interpolations in Formatter class Slightly improve performance by reducing class allocations from repeated Formatter#encode calls * Fix code style issues
5 years ago
Adding hashtag model
7 years ago
use Twitter::Extractor for creating links (#2502)
7 years ago
Remove Atom feeds and old URLs in the form of `GET /:username/updates/:id` (#11247)
4 years ago
Refactored generation of unique tags, URIs and object URLs into own classes, as well as formatting of content
7 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. require 'singleton'
  4. require_relative './sanitize_config'
  5. 

  6. class Formatter
  7.   include Singleton
  8.   include RoutingHelper
  9. 

  10.   include ActionView::Helpers::TextHelper
  11. 

  12.   def format(status, **options)
  13.     if status.reblog?
  14.       prepend_reblog = status.reblog.account.acct
  15.       status         = status.proper
  16.     else
  17.       prepend_reblog = false
  18.     end
  19. 

  20.     raw_content = status.text
  21. 

  22.     if options[:inline_poll_options] && status.preloadable_poll
  23.       raw_content = raw_content + "\n\n" + status.preloadable_poll.options.map { |title| "[ ] #{title}" }.join("\n")
  24.     end
  25. 

  26.     return '' if raw_content.blank?
  27. 

  28.     unless status.local?
  29.       html = reformat(raw_content)
  30.       html = encode_custom_emojis(html, status.emojis, options[:autoplay]) if options[:custom_emojify]
  31.       return html.html_safe # rubocop:disable Rails/OutputSafety
  32.     end
  33. 

  34.     linkable_accounts = status.active_mentions.map(&:account)
  35.     linkable_accounts << status.account
  36. 

  37.     html = raw_content
  38.     html = "RT @#{prepend_reblog} #{html}" if prepend_reblog
  39.     html = encode_and_link_urls(html, linkable_accounts)
  40.     html = encode_custom_emojis(html, status.emojis, options[:autoplay]) if options[:custom_emojify]
  41.     html = simple_format(html, {}, sanitize: false)
  42.     html = html.delete("\n")
  43. 

  44.     html.html_safe # rubocop:disable Rails/OutputSafety
  45.   end
  46. 

  47.   def reformat(html)
  48.     sanitize(html, Sanitize::Config::MASTODON_STRICT)
  49.   end
  50. 

  51.   def plaintext(status)
  52.     return status.text if status.local?
  53. 

  54.     text = status.text.gsub(/(<br \/>|<br>|<\/p>)+/) { |match| "#{match}\n" }
  55.     strip_tags(text)
  56.   end
  57. 

  58.   def simplified_format(account, **options)
  59.     html = account.local? ? linkify(account.note) : reformat(account.note)
  60.     html = encode_custom_emojis(html, account.emojis, options[:autoplay]) if options[:custom_emojify]
  61.     html.html_safe # rubocop:disable Rails/OutputSafety
  62.   end
  63. 

  64.   def sanitize(html, config)
  65.     Sanitize.fragment(html, config)
  66.   end
  67. 

  68.   def format_spoiler(status, **options)
  69.     html = encode(status.spoiler_text)
  70.     html = encode_custom_emojis(html, status.emojis, options[:autoplay])
  71.     html.html_safe # rubocop:disable Rails/OutputSafety
  72.   end
  73. 

  74.   def format_poll_option(status, option, **options)
  75.     html = encode(option.title)
  76.     html = encode_custom_emojis(html, status.emojis, options[:autoplay])
  77.     html.html_safe # rubocop:disable Rails/OutputSafety
  78.   end
  79. 

  80.   def format_display_name(account, **options)
  81.     html = encode(account.display_name.presence || account.username)
  82.     html = encode_custom_emojis(html, account.emojis, options[:autoplay]) if options[:custom_emojify]
  83.     html.html_safe # rubocop:disable Rails/OutputSafety
  84.   end
  85. 

  86.   def format_field(account, str, **options)
  87.     return reformat(str).html_safe unless account.local? # rubocop:disable Rails/OutputSafety
  88.     html = encode_and_link_urls(str, me: true)
  89.     html = encode_custom_emojis(html, account.emojis, options[:autoplay]) if options[:custom_emojify]
  90.     html.html_safe # rubocop:disable Rails/OutputSafety
  91.   end
  92. 

  93.   def linkify(text)
  94.     html = encode_and_link_urls(text)
  95.     html = simple_format(html, {}, sanitize: false)
  96.     html = html.delete("\n")
  97. 

  98.     html.html_safe # rubocop:disable Rails/OutputSafety
  99.   end
  100. 

  101.   private
  102. 

  103.   def html_entities
  104.     @html_entities ||= HTMLEntities.new
  105.   end
  106. 

  107.   def encode(html)
  108.     html_entities.encode(html)
  109.   end
  110. 

  111.   def encode_and_link_urls(html, accounts = nil, options = {})
  112.     entities = utf8_friendly_extractor(html, extract_url_without_protocol: false)
  113. 

  114.     if accounts.is_a?(Hash)
  115.       options  = accounts
  116.       accounts = nil
  117.     end
  118. 

  119.     rewrite(html.dup, entities) do |entity|
  120.       if entity[:url]
  121.         link_to_url(entity, options)
  122.       elsif entity[:hashtag]
  123.         link_to_hashtag(entity)
  124.       elsif entity[:screen_name]
  125.         link_to_mention(entity, accounts)
  126.       end
  127.     end
  128.   end
  129. 

  130.   def count_tag_nesting(tag)
  131.     if tag[1] == '/' then -1

  132.     elsif tag[-2] == '/' then 0

  133.     else 1

  134.     end
  135.   end
  136. 

  137.   def encode_custom_emojis(html, emojis, animate = false)
  138.     return html if emojis.empty?
  139. 

  140.     emoji_map = emojis.each_with_object({}) { |e, h| h[e.shortcode] = [full_asset_url(e.image.url), full_asset_url(e.image.url(:static))] }
  141. 

  142.     i                     = -1

  143.     tag_open_index        = nil
  144.     inside_shortname      = false
  145.     shortname_start_index = -1

  146.     invisible_depth       = 0

  147. 

  148.     while i + 1 < html.size
  149.       i += 1

  150. 

  151.       if invisible_depth.zero? && inside_shortname && html[i] == ':'
  152.         shortcode = html[shortname_start_index + 1..i - 1]
  153.         emoji     = emoji_map[shortcode]
  154. 

  155.         if emoji
  156.           original_url, static_url = emoji
  157.           replacement = begin
  158.             if animate
  159.               "<img draggable=\"false\" class=\"emojione\" alt=\":#{encode(shortcode)}:\" title=\":#{encode(shortcode)}:\" src=\"#{encode(original_url)}\" />"
  160.             else
  161.               "<img draggable=\"false\" class=\"emojione custom-emoji\" alt=\":#{encode(shortcode)}:\" title=\":#{encode(shortcode)}:\" src=\"#{encode(static_url)}\" data-original=\"#{original_url}\" data-static=\"#{static_url}\" />"
  162.             end
  163.           end
  164.           before_html = shortname_start_index.positive? ? html[0..shortname_start_index - 1] : ''
  165.           html        = before_html + replacement + html[i + 1..-1]
  166.           i          += replacement.size - (shortcode.size + 2) - 1

  167.         else
  168.           i -= 1

  169.         end
  170. 

  171.         inside_shortname = false
  172.       elsif tag_open_index && html[i] == '>'
  173.         tag = html[tag_open_index..i]
  174.         tag_open_index = nil
  175.         if invisible_depth.positive?
  176.           invisible_depth += count_tag_nesting(tag)
  177.         elsif tag == '<span class="invisible">'
  178.           invisible_depth = 1

  179.         end
  180.       elsif html[i] == '<'
  181.         tag_open_index   = i
  182.         inside_shortname = false
  183.       elsif !tag_open_index && html[i] == ':'
  184.         inside_shortname      = true
  185.         shortname_start_index = i
  186.       end
  187.     end
  188. 

  189.     html
  190.   end
  191. 

  192.   def rewrite(text, entities)
  193.     text = text.to_s
  194. 

  195.     # Sort by start index
  196.     entities = entities.sort_by do |entity|
  197.       indices = entity.respond_to?(:indices) ? entity.indices : entity[:indices]
  198.       indices.first
  199.     end
  200. 

  201.     result = []
  202. 

  203.     last_index = entities.reduce(0) do |index, entity|
  204.       indices = entity.respond_to?(:indices) ? entity.indices : entity[:indices]
  205.       result << encode(text[index...indices.first])
  206.       result << yield(entity)
  207.       indices.last
  208.     end
  209. 

  210.     result << encode(text[last_index..-1])
  211. 

  212.     result.flatten.join
  213.   end
  214. 

  215.   UNICODE_ESCAPE_BLACKLIST_RE = /\p{Z}|\p{P}/
  216. 

  217.   def utf8_friendly_extractor(text, options = {})
  218.     old_to_new_index = [0]
  219. 

  220.     escaped = text.chars.map do |c|
  221.       output = begin
  222.         if c.ord.to_s(16).length > 2 && UNICODE_ESCAPE_BLACKLIST_RE.match(c).nil?
  223.           CGI.escape(c)
  224.         else
  225.           c
  226.         end
  227.       end
  228. 

  229.       old_to_new_index << old_to_new_index.last + output.length
  230. 

  231.       output
  232.     end.join
  233. 

  234.     # Note: I couldn't obtain list_slug with @user/list-name format
  235.     # for mention so this requires additional check
  236.     special = Extractor.extract_urls_with_indices(escaped, options).map do |extract|
  237.       new_indices = [
  238.         old_to_new_index.find_index(extract[:indices].first),
  239.         old_to_new_index.find_index(extract[:indices].last),
  240.       ]
  241. 

  242.       next extract.merge(
  243.         indices: new_indices,
  244.         url: text[new_indices.first..new_indices.last - 1]
  245.       )
  246.     end
  247. 

  248.     standard = Extractor.extract_entities_with_indices(text, options)
  249. 

  250.     Extractor.remove_overlapping_entities(special + standard)
  251.   end
  252. 

  253.   def link_to_url(entity, options = {})
  254.     url        = Addressable::URI.parse(entity[:url])
  255.     html_attrs = { target: '_blank', rel: 'nofollow noopener' }
  256. 

  257.     html_attrs[:rel] = "me #{html_attrs[:rel]}" if options[:me]
  258. 

  259.     Twitter::Autolink.send(:link_to_text, entity, link_html(entity[:url]), url, html_attrs)
  260.   rescue Addressable::URI::InvalidURIError, IDN::Idna::IdnaError
  261.     encode(entity[:url])
  262.   end
  263. 

  264.   def link_to_mention(entity, linkable_accounts)
  265.     acct = entity[:screen_name]
  266. 

  267.     return link_to_account(acct) unless linkable_accounts
  268. 

  269.     account = linkable_accounts.find { |item| TagManager.instance.same_acct?(item.acct, acct) }
  270.     account ? mention_html(account) : "@#{encode(acct)}"
  271.   end
  272. 

  273.   def link_to_account(acct)
  274.     username, domain = acct.split('@')
  275. 

  276.     domain  = nil if TagManager.instance.local_domain?(domain)
  277.     account = EntityCache.instance.mention(username, domain)
  278. 

  279.     account ? mention_html(account) : "@#{encode(acct)}"
  280.   end
  281. 

  282.   def link_to_hashtag(entity)
  283.     hashtag_html(entity[:hashtag])
  284.   end
  285. 

  286.   def link_html(url)
  287.     url    = Addressable::URI.parse(url).to_s
  288.     prefix = url.match(/\Ahttps?:\/\/(www\.)?/).to_s
  289.     text   = url[prefix.length, 30]
  290.     suffix = url[prefix.length + 30..-1]
  291.     cutoff = url[prefix.length..-1].length > 30

  292. 

  293.     "<span class=\"invisible\">#{encode(prefix)}</span><span class=\"#{cutoff ? 'ellipsis' : ''}\">#{encode(text)}</span><span class=\"invisible\">#{encode(suffix)}</span>"
  294.   end
  295. 

  296.   def hashtag_html(tag)
  297.     "<a href=\"#{encode(tag_url(tag.downcase))}\" class=\"mention hashtag\" rel=\"tag\">#<span>#{encode(tag)}</span></a>"
  298.   end
  299. 

  300.   def mention_html(account)
  301.     "<span class=\"h-card\"><a href=\"#{encode(ActivityPub::TagManager.instance.url_for(account))}\" class=\"u-url mention\">@<span>#{encode(account.username)}</span></a></span>"
  302.   end
  303. end