author | default <nobody@localhost> | 2022-11-16 13:13:31 +0100 |
---|---|---|
committer | default <nobody@localhost> | 2022-11-16 13:13:31 +0100 |
commit | 236ca9af6b66cfc0c20c4fd5a2b5c8c187bfe3f4 (patch) | |
tree | c808cdec072ca3dc8af8ac65df44ff35bc5f52b2 | |
parent | 45584746d0f2c5fbfe1f5a6e0572d8ddd4f4f582 (diff) |
Call sanitize() as soon as possible.
-rw-r--r-- | format.c | 6 | ||||
-rw-r--r-- | html.c | 6 | ||||
-rw-r--r-- | snac.h | 4 |
3 files changed, 7 insertions, 9 deletions
@@ -87,7 +87,7 @@ static d_char *format_line(const char *line) } -d_char *not_really_markdown(char *content) +d_char *not_really_markdown(const char *content) /* formats a content using some Markdown rules */ { d_char *s = xs_str_new(NULL); @@ -164,11 +164,11 @@ d_char *not_really_markdown(char *content) const char *valid_tags[] = { - "a", "p", "br", "br/", "img", "blockquote", "ul", "li", + "a", "p", "br", "br/", "blockquote", "ul", "li", "span", "i", "b", "pre", "code", "em", "strong", NULL }; -d_char *sanitize(d_char *content) +d_char *sanitize(const char *content) /* cleans dangerous HTML output */ { d_char *s = xs_str_new(NULL); @@ -627,7 +627,7 @@ d_char *html_entry(snac *snac, d_char *os, char *msg, xs_set *seen, int local, i } { - xs *c = xs_dup(xs_dict_get(msg, "content")); + xs *c = sanitize(xs_dict_get(msg, "content")); char *p, *v; /* do some tweaks to the content */ @@ -663,9 +663,7 @@ d_char *html_entry(snac *snac, d_char *os, char *msg, xs_set *seen, int local, i } } - xs *sc = sanitize(c); - - s = xs_str_cat(s, sc); + s = xs_str_cat(s, c); } s = xs_str_cat(s, "\n"); @@ -135,8 +135,8 @@ int activitypub_post_handler(d_char *req, char *q_path, char *payload, int p_size, char **body, int *b_size, char **ctype); -d_char *not_really_markdown(char *content); -d_char *sanitize(d_char *str); +d_char *not_really_markdown(const char *content); +d_char *sanitize(const char *str); int html_get_handler(d_char *req, char *q_path, char **body, int *b_size, char **ctype); int html_post_handler(d_char *req, char *q_path, d_char *payload, int p_size, |
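Review bot: The `valid_tags` allow-list in format.c names elements only, and nothing in this hunk shows whether `sanitize()` also filters the attributes of the tags it lets through; its body continues outside the hunk. With `a` still allowed and `span` newly added, the treatment of `href` schemes, `style` and `on*` attributes on remote content decides whether the list is safe, so that rule belongs next to it. I would add a comment above the array stating what happens to attributes of accepted tags and why `img` is no longer accepted. As the table is only read, `static const char * const valid_tags[]` would also keep it out of the global namespace, unless another file references it.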
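Review bot: `sanitize(xs_dict_get(msg, "content"))` in html_entry() passes the lookup result straight to a function that takes `const char *`, so a message with no `content` field, or one whose value is not a string, reaches the sanitizer unchecked. The removed `xs_dup()` call copied whatever value was there, and whether `sanitize()` tolerates NULL or a non-string value is not visible in this diff. Since `msg` is presumably remote input, I would fetch the field first with `const char *content = xs_dict_get(msg, "content");` and skip or substitute an empty string when it is missing or of the wrong type, before calling `sanitize(content)`. html_entry() starts and ends outside the hunk.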
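Review bot: Markup added by the "do some tweaks to the content" block is no longer filtered before `s = xs_str_cat(s, c);` appends it to the page, because the `sanitize(c)` pass that used to run last is removed. That block lies between the two html.c hunks and is not shown here. If it builds HTML from fields of `msg` such as names or URLs, each inserted value has to be escaped or validated at the point of insertion. I would record the invariant where the tweaks start, e.g. `/* c is already sanitized: anything inserted below must be escaped here */`.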