diff options
author | Benjamin Neff <benjamin@coding4coffee.ch> | 2022-10-03 19:55:20 +0300 |
---|---|---|
committer | Benjamin Neff <benjamin@coding4coffee.ch> | 2022-10-06 01:45:50 +0300 |
commit | 536c96f2173963154589f54f73e0def362ac864a (patch) | |
tree | 38cd4892d0c38791f4ce83556b8d7ece2787a7ef | |
parent | 03796e8fe2421ddfbc5380b8194ee68afbe3b88b (diff) |
Escape mentions before parsing message with markdown
Usernames that contained underscores were parsed by markdown first. This
broke the diaspora IDs and also added weird html at places where it
wasn't needed. Escaping them before sending the message through the
markdown parser fixes this issue.
As underscores are the only allowed character that can be used for
markdown that is also allowed inside a diaspora ID, this escaping can be
kept pretty simple.
This only fixes it for the mobile UI at the moment, for the desktop UI
it's probably better to fix it in markdown-it.
Related to #7975
-rw-r--r-- | lib/diaspora/mentionable.rb | 10 | ||||
-rw-r--r-- | lib/diaspora/message_renderer.rb | 5 | ||||
-rw-r--r-- | spec/lib/diaspora/message_renderer_spec.rb | 10 |
3 files changed, 25 insertions, 0 deletions
diff --git a/lib/diaspora/mentionable.rb b/lib/diaspora/mentionable.rb index 39dc7b085..41dcb79f7 100644 --- a/lib/diaspora/mentionable.rb +++ b/lib/diaspora/mentionable.rb @@ -71,6 +71,16 @@ module Diaspora::Mentionable } end + # Escapes special chars in mentions to not be parsed as markdown + # + # @param [String] text containing mentions + # @return [String] escaped message + def self.escape_for_markdown(msg_text) + msg_text.to_s.gsub(REGEX) {|match_str| + match_str.gsub("_", "\\_") + } + end + private_class_method def self.find_or_fetch_person_by_identifier(identifier) Person.find_or_fetch_by_identifier(identifier) if Validation::Rule::DiasporaId.new.valid_value?(identifier) rescue DiasporaFederation::Discovery::DiscoveryError diff --git a/lib/diaspora/message_renderer.rb b/lib/diaspora/message_renderer.rb index 7cb0df3fd..6981e7a20 100644 --- a/lib/diaspora/message_renderer.rb +++ b/lib/diaspora/message_renderer.rb @@ -71,6 +71,10 @@ module Diaspora end end + def escape_mentions_for_markdown + @message = Diaspora::Mentionable.escape_for_markdown(message) + end + def render_mentions unless options[:disable_hovercards] || options[:mentioned_people].empty? @message = Diaspora::Mentionable.format message, options[:mentioned_people] @@ -210,6 +214,7 @@ module Diaspora normalize diaspora_links camo_urls if AppConfig.privacy.camo.proxy_markdown_images? + escape_mentions_for_markdown markdownify render_mentions render_tags diff --git a/spec/lib/diaspora/message_renderer_spec.rb b/spec/lib/diaspora/message_renderer_spec.rb index a9a12e85b..ca000890e 100644 --- a/spec/lib/diaspora/message_renderer_spec.rb +++ b/spec/lib/diaspora/message_renderer_spec.rb @@ -183,6 +183,16 @@ describe Diaspora::MessageRenderer do ).to match(/hovercard/) end + it "does not parse mentions as markdown" do + new_person = FactoryBot.create(:person, diaspora_handle: "__underscore__@example.org") + expect( + message( + "Hey @{#{new_person.diaspora_handle}}!", + mentioned_people: [new_person] + ).markdownified + ).to match(%r{>#{new_person.name}</a>}) + end + it 'should process text with both a hashtag and a link' do expect( message("Test #tag?\nhttps://joindiaspora.com\n").markdownified |