Sanitize remote html in atom feeds, API (not just UI), use cached mention

relations on Status#mentions
master
Eugen Rochko 8 years ago
parent 7cd3de3494
commit c8999a116e
  1. 8
      app/helpers/application_helper.rb
  2. 8
      app/helpers/atom_builder_helper.rb
  3. 8
      app/helpers/stream_entries_helper.rb
  4. 21
      app/models/status.rb
  5. 2
      app/views/api/statuses/show.rabl
  6. 2
      spec/models/status_spec.rb

@ -12,6 +12,14 @@ module ApplicationHelper
id.start_with?("tag:#{Rails.configuration.x.local_domain}")
end
def content_for_status(actual_status)
if actual_status.local?
linkify(actual_status)
else
sanitize(actual_status.content, tags: %w(a br p), attributes: %w(href rel))
end
end
def linkify(status)
mention_hash = {}
status.mentions.each { |m| mention_hash[m.acct] = m }

@ -137,13 +137,7 @@ module AtomBuilderHelper
def conditionally_formatted(activity)
if activity.is_a?(Status)
if activity.reblog? && activity.reblog.local?
linkify(activity.reblog)
elsif !activity.reblog? && activity.local?
linkify(activity)
else
activity.content
end
content_for_status(activity.reblog? ? activity.reblog : activity)
elsif activity.nil?
nil
else

@ -27,12 +27,4 @@ module StreamEntriesHelper
def favourited_by_me_class(status)
user_signed_in? && current_user.account.favourited?(status) ? 'favourited' : ''
end
def content_for_status(actual_status)
if actual_status.local?
linkify(actual_status)
else
sanitize(actual_status.content, tags: %w(a br p), attributes: %w(href rel))
end
end
end

@ -60,22 +60,15 @@ class Status < ActiveRecord::Base
end
def mentions
m = []
m << thread.account if reply?
m << reblog.account if reblog?
unless reblog?
self.text.scan(Account::MENTION_RE).each do |match|
uri = match.first
username, domain = uri.split('@')
account = Account.find_by(username: username, domain: domain)
m << account unless account.nil?
end
if @mentions.nil?
@mentions = []
@mentions << thread.account if reply?
@mentions << reblog.account if reblog?
self.mentioned_accounts.each { |mention| @mentions << mention.account } unless reblog?
@mentions = @mentions.uniq
end
m.uniq
@mentions
end
def ancestors

@ -2,7 +2,7 @@ object @status
attributes :id, :created_at, :in_reply_to_id
node(:uri) { |status| uri_for_target(status) }
node(:content) { |status| status.local? ? linkify(status) : status.content }
node(:content) { |status| content_for_status(status) }
node(:url) { |status| url_for_target(status) }
node(:reblogs_count) { |status| status.reblogs_count }
node(:favourites_count) { |status| status.favourites_count }

@ -50,7 +50,7 @@ RSpec.describe Status, type: :model do
end
it 'returns mentioned accounts' do
subject.text = 'Hello @bob!'
subject.mentioned_accounts.create!(account: bob)
expect(subject.mentions).to include bob
end

Loading…
Cancel
Save