From 536c96f2173963154589f54f73e0def362ac864a Mon Sep 17 00:00:00 2001 From: Benjamin Neff Date: Mon, 3 Oct 2022 18:55:20 +0200 Subject: Escape mentions before parsing message with markdown Usernames that contained underscores were parsed by markdown first. This broke the diaspora IDs and also added weird html at places where it wasn't needed. Escaping them before sending the message through the markdown parser fixes this issue. As underscores are the only allowed character that can be used for markdown that is also allowed inside a diaspora ID, this escaping can be kept pretty simple. This only fixes it for the mobile UI at the moment, for the desktop UI it's probably better to fix it in markdown-it. Related to #7975 --- lib/diaspora/mentionable.rb | 10 ++++++++++ lib/diaspora/message_renderer.rb | 5 +++++ spec/lib/diaspora/message_renderer_spec.rb | 10 ++++++++++ 3 files changed, 25 insertions(+) diff --git a/lib/diaspora/mentionable.rb b/lib/diaspora/mentionable.rb index 39dc7b085..41dcb79f7 100644 --- a/lib/diaspora/mentionable.rb +++ b/lib/diaspora/mentionable.rb @@ -71,6 +71,16 @@ module Diaspora::Mentionable } end + # Escapes special chars in mentions to not be parsed as markdown + # + # @param [String] text containing mentions + # @return [String] escaped message + def self.escape_for_markdown(msg_text) + msg_text.to_s.gsub(REGEX) {|match_str| + match_str.gsub("_", "\\_") + } + end + private_class_method def self.find_or_fetch_person_by_identifier(identifier) Person.find_or_fetch_by_identifier(identifier) if Validation::Rule::DiasporaId.new.valid_value?(identifier) rescue DiasporaFederation::Discovery::DiscoveryError diff --git a/lib/diaspora/message_renderer.rb b/lib/diaspora/message_renderer.rb index 7cb0df3fd..6981e7a20 100644 --- a/lib/diaspora/message_renderer.rb +++ b/lib/diaspora/message_renderer.rb @@ -71,6 +71,10 @@ module Diaspora end end + def escape_mentions_for_markdown + @message = Diaspora::Mentionable.escape_for_markdown(message) + end + def render_mentions unless options[:disable_hovercards] || options[:mentioned_people].empty? @message = Diaspora::Mentionable.format message, options[:mentioned_people] @@ -210,6 +214,7 @@ module Diaspora normalize diaspora_links camo_urls if AppConfig.privacy.camo.proxy_markdown_images? + escape_mentions_for_markdown markdownify render_mentions render_tags diff --git a/spec/lib/diaspora/message_renderer_spec.rb b/spec/lib/diaspora/message_renderer_spec.rb index a9a12e85b..ca000890e 100644 --- a/spec/lib/diaspora/message_renderer_spec.rb +++ b/spec/lib/diaspora/message_renderer_spec.rb @@ -183,6 +183,16 @@ describe Diaspora::MessageRenderer do ).to match(/hovercard/) end + it "does not parse mentions as markdown" do + new_person = FactoryBot.create(:person, diaspora_handle: "__underscore__@example.org") + expect( + message( + "Hey @{#{new_person.diaspora_handle}}!", + mentioned_people: [new_person] + ).markdownified + ).to match(%r{>#{new_person.name}}) + end + it 'should process text with both a hashtag and a link' do expect( message("Test #tag?\nhttps://joindiaspora.com\n").markdownified -- cgit v1.2.3