M Cargo.lock => Cargo.lock +177 -0
@@ 44,6 44,21 @@ dependencies = [
]
[[package]]
+name = "ammonia"
+version = "3.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "89eac85170f4b3fb3dc5e442c1cfb036cb8eecf9dbbd431a161ffad15d90ea3b"
+dependencies = [
+ "html5ever",
+ "lazy_static",
+ "maplit",
+ "markup5ever_rcdom",
+ "matches",
+ "tendril",
+ "url",
+]
+
+[[package]]
name = "arc-swap"
version = "0.4.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ 481,6 496,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3dcaa9ae7725d12cdb85b3ad99a434db70b468c09ded17e012d86b5c1010f7a7"
[[package]]
+name = "futf"
+version = "0.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7c9c1ce3fa9336301af935ab852c437817d14cd33690446569392e65170aac3b"
+dependencies = [
+ "mac",
+ "new_debug_unreachable",
+]
+
+[[package]]
name = "futures"
version = "0.3.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ 743,6 768,20 @@ dependencies = [
]
[[package]]
+name = "html5ever"
+version = "0.25.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "aafcf38a1a36118242d29b92e1b08ef84e67e4a5ed06e0a80be20e6a32bfed6b"
+dependencies = [
+ "log",
+ "mac",
+ "markup5ever",
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
name = "http"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ 1004,6 1043,7 @@ version = "0.7.0-pre"
dependencies = [
"activitystreams",
"activitystreams-ext",
+ "ammonia",
"async-trait",
"bcrypt",
"bs58",
@@ 1047,6 1087,47 @@ dependencies = [
]
[[package]]
+name = "mac"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c41e0c4fef86961ac6d6f8a82609f55f31b05e4fce149ac5710e439df7619ba4"
+
+[[package]]
+name = "maplit"
+version = "1.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3e2e65a1a2e43cfcb47a895c4c8b10d1f4a61097f9f254f183aee60cad9c651d"
+
+[[package]]
+name = "markup5ever"
+version = "0.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "aae38d669396ca9b707bfc3db254bc382ddb94f57cc5c235f34623a669a01dab"
+dependencies = [
+ "log",
+ "phf",
+ "phf_codegen",
+ "serde",
+ "serde_derive",
+ "serde_json",
+ "string_cache",
+ "string_cache_codegen",
+ "tendril",
+]
+
+[[package]]
+name = "markup5ever_rcdom"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f015da43bcd8d4f144559a3423f4591d69b8ce0652c905374da7205df336ae2b"
+dependencies = [
+ "html5ever",
+ "markup5ever",
+ "tendril",
+ "xml5ever",
+]
+
+[[package]]
name = "match_cfg"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ 1186,6 1267,12 @@ dependencies = [
]
[[package]]
+name = "new_debug_unreachable"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e4a24736216ec316047a1fc4252e27dabb04218aa4a3f37c6e7ddbf1f9782b54"
+
+[[package]]
name = "nom"
version = "5.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ 1318,6 1405,26 @@ dependencies = [
]
[[package]]
+name = "phf_codegen"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cbffee61585b0411840d3ece935cce9cb6321f01c45477d30066498cd5e1a815"
+dependencies = [
+ "phf_generator",
+ "phf_shared",
+]
+
+[[package]]
+name = "phf_generator"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "17367f0cc86f2d25802b2c26ee58a7b23faeccf78a396094c13dced0d0182526"
+dependencies = [
+ "phf_shared",
+ "rand",
+]
+
+[[package]]
name = "phf_shared"
version = "0.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ 1404,6 1511,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "237a5ed80e274dbc66f86bd59c1e25edc039660be53194b5fe0a482e0f2612ea"
[[package]]
+name = "precomputed-hash"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "925383efa346730478fb4838dbe9137d2a47675ad789c546d150a6e1dd4ab31c"
+
+[[package]]
name = "proc-macro-hack"
version = "0.5.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ 1473,6 1586,7 @@ dependencies = [
"rand_chacha",
"rand_core",
"rand_hc",
+ "rand_pcg",
]
[[package]]
@@ 1504,6 1618,15 @@ dependencies = [
]
[[package]]
+name = "rand_pcg"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "16abd0c1b639e9eb4d7c50c0b8100b0d0f849be2349829c740fe8e6eb4816429"
+dependencies = [
+ "rand_core",
+]
+
+[[package]]
name = "redox_syscall"
version = "0.1.56"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ 1798,6 1921,31 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"
[[package]]
+name = "string_cache"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2940c75beb4e3bf3a494cef919a747a2cb81e52571e212bfbd185074add7208a"
+dependencies = [
+ "lazy_static",
+ "new_debug_unreachable",
+ "phf_shared",
+ "precomputed-hash",
+ "serde",
+]
+
+[[package]]
+name = "string_cache_codegen"
+version = "0.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f24c8e5e19d22a726626f1a5e16fe15b132dcf21d10177fa5a45ce7962996b97"
+dependencies = [
+ "phf_generator",
+ "phf_shared",
+ "proc-macro2",
+ "quote",
+]
+
+[[package]]
name = "stringprep"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ 1839,6 1987,17 @@ dependencies = [
]
[[package]]
+name = "tendril"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "707feda9f2582d5d680d733e38755547a3e8fb471e7ba11452ecfd9ce93a5d3b"
+dependencies = [
+ "futf",
+ "mac",
+ "utf-8",
+]
+
+[[package]]
name = "thiserror"
version = "1.0.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ 2118,6 2277,12 @@ dependencies = [
]
[[package]]
+name = "utf-8"
+version = "0.7.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "05e42f7c18b8f902290b009cde6d651262f956c98bc51bca4cd1d511c9cd85c7"
+
+[[package]]
name = "uuid"
version = "0.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ 2284,3 2449,15 @@ dependencies = [
"winapi 0.2.8",
"winapi-build",
]
+
+[[package]]
+name = "xml5ever"
+version = "0.16.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b1b52e6e8614d4a58b8e70cf51ec0cc21b256ad8206708bcff8139b5bbd6a59"
+dependencies = [
+ "log",
+ "mac",
+ "markup5ever",
+ "time",
+]
M Cargo.toml => Cargo.toml +1 -0
@@ 48,6 48,7 @@ bs58 = "0.3.1"
bumpalo = "3.4.0"
tokio-util = "0.3.1"
henry = "0.1.0"
+ammonia = "3.1.0"
[dev-dependencies]
rand = "0.7.3"
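Review bot: `ammonia = "3.1.0"` is a caret requirement, so the version actually built is whatever Cargo.lock pins, and from the other files in this commit the crate appears to be the sanitizer guarding `content_html` on both the API and the federation paths. Fixes to an HTML sanitizer normally arrive as patch releases, so a comment next to the line would help, e.g. `# HTML sanitizer for content_html; keep current (cargo update -p ammonia) and watch advisories`. The lockfile section shows it pulls in html5ever and several build-time codegen crates, which is worth a line in the commit description for anyone auditing the dependency tree.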
M src/apub_util.rs => src/apub_util.rs +4 -2
@@ 1006,7 1006,9 @@ pub fn post_to_ap(
post: &crate::PostInfo,
) -> Result<(), crate::Error> {
if let Some(html) = post.content_html {
- props.set_content(html).set_media_type(mime::TEXT_HTML);
+ props
+ .set_content(ammonia::clean(&html))
+ .set_media_type(mime::TEXT_HTML);
if let Some(md) = post.content_markdown {
let mut src = activitystreams::object::Object::<()>::new();
@@ 1137,7 1139,7 @@ pub fn local_comment_to_ap(
let mut obj = activitystreams::object::ApObject::new(obj);
if let Some(html) = &comment.content_html {
- obj.set_content(html.as_ref().to_owned())
+ obj.set_content(ammonia::clean(&html))
.set_media_type(mime::TEXT_HTML);
if let Some(md) = &comment.content_markdown {
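Review bot: Both `set_content(ammonia::clean(&html))` calls, in post_to_ap and in local_comment_to_ap, sanitize at the point of serialization with ammonia's default policy, so any other builder in this file that forwards `content_html` must remember to do the same; none is visible in these hunks, so that is worth checking. A single helper, e.g. `fn sanitized_html(html: &str) -> String { ammonia::clean(html) }`, would keep the policy in one place and give it somewhere to document that stored HTML is treated as untrusted. In local_comment_to_ap `html` is already a reference, so `&html` compiles only through deref coercion and `ammonia::clean(html)` may read better, depending on the field type, which is declared outside the hunks. Both functions start and end outside the hunks.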
M src/routes/api/communities.rs => src/routes/api/communities.rs +1 -1
@@ 642,7 642,7 @@ async fn route_unstable_communities_posts_list(
title,
href: ctx.process_href_opt(href, id),
content_text,
- content_html,
+ content_html_safe: content_html.map(|html| ammonia::clean(&html)),
author: author.as_ref(),
created: &created.to_rfc3339(),
community: &community,
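Review bot: `content_html.map(|html| ammonia::clean(&html))` runs the HTML parser and allocates a new String for every post on every list request, and the identical expression is repeated in handle_common_posts_list (src/routes/api/mod.rs) and route_unstable_posts_get (src/routes/api/posts.rs). Sanitizing on read does let a later policy change cover rows that are already stored, so if that is the intent a short comment would make it explicit, e.g. `// sanitized on every read so policy updates also cover existing rows`. If it is not the intent, sanitizing once when the post is stored avoids the per-request cost. The surrounding function continues outside the hunk.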
M src/routes/api/mod.rs => src/routes/api/mod.rs +3 -2
@@ 98,7 98,8 @@ struct RespPostListPost<'a> {
title: &'a str,
href: Option<Cow<'a, str>>,
content_text: Option<&'a str>,
- content_html: Option<&'a str>,
+ #[serde(rename = "content_html")]
+ content_html_safe: Option<String>,
author: Option<&'a RespMinimalAuthorInfo<'a>>,
created: &'a str,
community: &'a RespMinimalCommunityInfo<'a>,
@@ 787,7 788,7 @@ async fn handle_common_posts_list(
title,
href: ctx.process_href_opt(href, id),
content_text,
- content_html,
+ content_html_safe: content_html.map(|html| ammonia::clean(&html)),
author: author.as_ref(),
created: &created.to_rfc3339(),
community: &community,
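Review bot: The `_safe` suffix on `content_html_safe` in RespPostListPost is only a naming convention: the field is a plain `Option<String>`, so nothing stops a later call site from assigning unsanitized HTML to it. Add a doc comment on the field, e.g. `/// Output of ammonia::clean(); serialized as "content_html". Never assign raw stored HTML.`, or wrap the value in a small newtype whose only constructor calls the sanitizer. The struct and handle_common_posts_list both extend beyond the hunks shown.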
M src/routes/api/posts.rs => src/routes/api/posts.rs +2 -2
@@ 305,7 305,7 @@ async fn route_unstable_posts_get(
Some(row) => {
let href = row.get(1);
let content_text = row.get(2);
- let content_html = row.get(5);
+ let content_html: Option<&str> = row.get(5);
let title = row.get(3);
let created: chrono::DateTime<chrono::FixedOffset> = row.get(4);
let community_id = CommunityLocalID(row.get(6));
@@ 351,7 351,7 @@ async fn route_unstable_posts_get(
title,
href: ctx.process_href_opt(href, post_id),
content_text,
- content_html,
+ content_html_safe: content_html.map(|html| ammonia::clean(&html)),
author: author.as_ref(),
created: &created.to_rfc3339(),
community: &community,
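Review bot: With the new annotation `content_html` is an `Option<&str>`, so the closure in `content_html.map(|html| ammonia::clean(&html))` passes a `&&str` and relies on deref coercion. `content_html.map(ammonia::clean)` is equivalent and shorter. route_unstable_posts_get continues outside both hunks.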