Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check the behavior around sanitization #19

Open
shuymn opened this issue Jul 8, 2023 · 0 comments
Open

Check the behavior around sanitization #19

shuymn opened this issue Jul 8, 2023 · 0 comments
Labels
🔍 Investigation

Comments

@shuymn
Copy link
Owner

shuymn commented Jul 8, 2023

I think the possibility is very low, but it is a possible bug part on HTMLRewriter side.
It is necessary to check if it reproduces with the minimum configuration.

wildebeest/backend/src/activitypub/objects/index.ts

Lines 271 to 276 in 97ca3d8

export async function sanitizeContent(unsafeContent: string): Promise<string> {
if (unsafeContent === '') {
return ''
}
return await getContentRewriter().transform(new Response(unsafeContent)).text()
}

I feel there is room for improvement in sanitization itself and would like to review the implementation and testing on the Mastodon side to see if the current implementation should be modified.

wildebeest/backend/src/activitypub/objects/index.ts

Lines 290 to 297 in 97ca3d8

function getContentRewriter() {
const contentRewriter = new HTMLRewriter()
contentRewriter.on('*', {
element(el) {
if (!['p', 'span', 'br', 'a'].includes(el.tagName)) {
const element = el as { tagName: string }
element.tagName = 'p'
}

ref: https://docs.joinmastodon.org/spec/activitypub/#sanitization
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🔍 Investigation
Projects
shuymn/wildebeest
Status: No status
Milestone
No milestone
Development

No branches or pull requests
1 participant
@shuymn