Handle HTML is comments

pull/175/head
Chocobozzz 2018-01-04 17:50:30 +01:00
parent c3badc81fe
commit 2890b615f3
No known key found for this signature in database
GPG Key ID: 583A612D890159BE
11 changed files with 100 additions and 114 deletions


@ -41,6 +41,7 @@
"@types/lodash-es": "^4.17.0",
"@types/markdown-it": "^0.0.4",
"@types/node": "^8.0.33",
"@types/sanitize-html": "^1.14.0",
"@types/video.js": "6.2.0",
"@types/webtorrent": "^0.98.4",
"angular2-notifications": "^0.9.6",
@ -67,6 +68,7 @@
"raw-loader": "^0.5.1",
"resolve-url-loader": "^2.0.0",
"rxjs": "^5.4.2",
"sanitize-html": "^1.16.3",
"sass-loader": "^6.0.3",
"sass-resources-loader": "^1.2.1",
"standard": "^10.0.0",


@ -6,7 +6,7 @@
<a target="_blank" [href]="comment.account.url" class="comment-account">{{ comment.by }}</a>
<div class="comment-date">{{ comment.createdAt | myFromNow }}</div>
</div>
<div>{{ comment.text }}</div>
<div class="comment-html" [innerHTML]="sanitizedCommentHTML"></div>
<div class="comment-actions">
<div *ngIf="isUserLoggedIn()" (click)="onWantToReply()" class="comment-action-reply">Reply</div>
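Review bot: Switching from `{{ comment.text }}` interpolation to an `[innerHTML]` binding means this element now renders markup supplied by comment authors, so its safety rests entirely on how the component fills `sanitizedCommentHTML`. A template comment above the div would record that contract, e.g. `<!-- sanitizedCommentHTML is sanitize-html output; never bind comment.text here -->`. Angular's own sanitizer still filters `[innerHTML]` values, but that second layer holds only as long as nobody wraps the value with `bypassSecurityTrustHtml`.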


@ -32,6 +32,14 @@
}
}
.comment-html {
a {
@include disable-default-a-behaviour;
color: #000;
}
}
.comment-actions {
margin: 10px 0;
display: flex;
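Review bot: The `.comment-html a` rule styles anchors, but the sanitizer allowlist added in the component section of this commit is only `p` and `span`, so no `<a>` element can reach this container. Either drop the rule or, if links are planned, note next to it that `a` has to be added to `allowedTags` together with an explicit `href`-only attribute list and a restricted `allowedSchemes`.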


@ -1,4 +1,5 @@
import { Component, EventEmitter, Input, Output } from '@angular/core'
import { Component, EventEmitter, Input, OnInit, Output } from '@angular/core'
import * as sanitizeHtml from 'sanitize-html'
import { Account as AccountInterface } from '../../../../../../shared/models/actors'
import { UserRight } from '../../../../../../shared/models/users'
import { VideoCommentThreadTree } from '../../../../../../shared/models/videos/video-comment.model'
@ -12,7 +13,7 @@ import { VideoComment } from './video-comment.model'
templateUrl: './video-comment.component.html',
styleUrls: ['./video-comment.component.scss']
})
export class VideoCommentComponent {
export class VideoCommentComponent implements OnInit {
@Input() video: Video
@Input() comment: VideoComment
@Input() commentTree: VideoCommentThreadTree
@ -23,12 +24,20 @@ export class VideoCommentComponent {
@Output() threadCreated = new EventEmitter<VideoCommentThreadTree>()
@Output() resetReply = new EventEmitter()
sanitizedCommentHTML = ''
constructor (private authService: AuthService) {}
get user () {
return this.authService.getUser()
}
ngOnInit () {
this.sanitizedCommentHTML = sanitizeHtml(this.comment.text, {
allowedTags: [ 'p', 'span' ]
})
}
onCommentReplyCreated (createdComment: VideoComment) {
if (!this.commentTree) {
this.commentTree = {
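Review bot: `sanitizedCommentHTML` is computed once in `ngOnInit`, so if the parent ever rebinds the `comment` input on a reused component instance, the view keeps showing the HTML of the previous comment. Recomputing it in `ngOnChanges`, as sketched below, keeps the bound string tied to the current input. Because the validator section of this commit drops the server-side `sanitizeHtml` call, this component appears to be the only place remote comment markup is filtered, so any other view or API consumer that renders `comment.text` as HTML needs the same treatment. Passing `allowedAttributes: {}` makes the no-attributes intent explicit instead of relying on library defaults. The class body and `onCommentReplyCreated` continue outside the hunk.

```typescript
import { Component, EventEmitter, Input, OnChanges, Output, SimpleChanges } from '@angular/core'
// … unchanged: remaining imports, @Component decorator …
export class VideoCommentComponent implements OnChanges {
  // … unchanged: inputs, outputs, sanitizedCommentHTML field, constructor, user getter …

  ngOnChanges (changes: SimpleChanges) {
    // Re-sanitize whenever the bound comment is replaced, not only on first init.
    if (changes['comment']) {
      this.sanitizedCommentHTML = sanitizeHtml(this.comment.text, {
        allowedTags: [ 'p', 'span' ],
        allowedAttributes: {}
      })
    }
  }
```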


@ -255,6 +255,10 @@
"@types/node" "*"
"@types/parse-torrent-file" "*"
"@types/sanitize-html@^1.14.0":
version "1.14.0"
resolved "https://registry.yarnpkg.com/@types/sanitize-html/-/sanitize-html-1.14.0.tgz#9a03ec58306e24feaa3fbdb8ab593934d53ecb05"
"@types/simple-peer@*":
version "6.1.4"
resolved "https://registry.yarnpkg.com/@types/simple-peer/-/simple-peer-6.1.4.tgz#1d1384e1d8dc17b9e7d1673d704febe91ca48191"
@ -466,7 +470,7 @@ array-union@^1.0.1:
dependencies:
array-uniq "^1.0.1"
array-uniq@^1.0.1:
array-uniq@^1.0.1, array-uniq@^1.0.2:
version "1.0.3"
resolved "https://registry.yarnpkg.com/array-uniq/-/array-uniq-1.0.3.tgz#af6ac877a25cc7f74e058894753858dfdb24fdb6"
@ -1921,7 +1925,7 @@ domain-browser@^1.1.1:
version "1.1.7"
resolved "https://registry.yarnpkg.com/domain-browser/-/domain-browser-1.1.7.tgz#867aa4b093faa05f1de08c06f4d7b21fdf8698bc"
domelementtype@1:
domelementtype@1, domelementtype@^1.3.0:
version "1.3.0"
resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-1.3.0.tgz#b17aed82e8ab59e52dd9c19b1756e0fc187204c2"
@ -1935,6 +1939,12 @@ domhandler@2.1:
dependencies:
domelementtype "1"
domhandler@^2.3.0:
version "2.4.1"
resolved "https://registry.yarnpkg.com/domhandler/-/domhandler-2.4.1.tgz#892e47000a99be55bbf3774ffea0561d8879c259"
dependencies:
domelementtype "1"
domutils@1.1:
version "1.1.6"
resolved "https://registry.yarnpkg.com/domutils/-/domutils-1.1.6.tgz#bddc3de099b9a2efacc51c623f28f416ecc57485"
@ -1948,6 +1958,13 @@ domutils@1.5.1:
dom-serializer "0"
domelementtype "1"
domutils@^1.5.1:
version "1.6.2"
resolved "https://registry.yarnpkg.com/domutils/-/domutils-1.6.2.tgz#1958cc0b4c9426e9ed367fb1c8e854891b0fa3ff"
dependencies:
dom-serializer "0"
domelementtype "1"
duplexer@^0.1.1:
version "0.1.1"
resolved "https://registry.yarnpkg.com/duplexer/-/duplexer-0.1.1.tgz#ace6ff808c1ce66b57d1ebf97977acb02334cfc1"
@ -2027,7 +2044,7 @@ enhanced-resolve@^3.1.0, enhanced-resolve@^3.4.0:
object-assign "^4.0.1"
tapable "^0.2.7"
entities@~1.1.1:
entities@^1.1.1, entities@~1.1.1:
version "1.1.1"
resolved "https://registry.yarnpkg.com/entities/-/entities-1.1.1.tgz#6e5c2d0a5621b5dadaecef80b90edfb5cd7772f0"
@ -3077,6 +3094,17 @@ html-webpack-plugin@^2.19.0, html-webpack-plugin@^2.29.0:
pretty-error "^2.0.2"
toposort "^1.0.0"
htmlparser2@^3.9.0:
version "3.9.2"
resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-3.9.2.tgz#1bdf87acca0f3f9e53fa4fcceb0f4b4cbb00b338"
dependencies:
domelementtype "^1.3.0"
domhandler "^2.3.0"
domutils "^1.5.1"
entities "^1.1.1"
inherits "^2.0.1"
readable-stream "^2.0.2"
htmlparser2@~3.3.0:
version "3.3.0"
resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-3.3.0.tgz#cc70d05a59f6542e43f0e685c982e14c924a9efe"
@ -3917,6 +3945,10 @@ lodash.defaults@^4.0.0:
version "4.2.0"
resolved "https://registry.yarnpkg.com/lodash.defaults/-/lodash.defaults-4.2.0.tgz#d09178716ffea4dde9e5fb7b37f6f0802274580c"
lodash.escaperegexp@^4.1.2:
version "4.1.2"
resolved "https://registry.yarnpkg.com/lodash.escaperegexp/-/lodash.escaperegexp-4.1.2.tgz#64762c48618082518ac3df4ccf5d5886dae20347"
lodash.isarguments@^3.0.0:
version "3.1.0"
resolved "https://registry.yarnpkg.com/lodash.isarguments/-/lodash.isarguments-3.1.0.tgz#2f573d85c6a24289ff00663b491c1d338ff3458a"
@ -5238,6 +5270,14 @@ postcss@^6.0.0, postcss@^6.0.1, postcss@^6.0.13:
source-map "^0.6.1"
supports-color "^4.4.0"
postcss@^6.0.14:
version "6.0.15"
resolved "https://registry.yarnpkg.com/postcss/-/postcss-6.0.15.tgz#f460cd6269fede0d1bf6defff0b934a9845d974d"
dependencies:
chalk "^2.3.0"
source-map "^0.6.1"
supports-color "^5.1.0"
prebuild-install@~2.3.0:
version "2.3.0"
resolved "https://registry.yarnpkg.com/prebuild-install/-/prebuild-install-2.3.0.tgz#19481247df728b854ab57b187ce234211311b485"
@ -5891,6 +5931,18 @@ safe-json-parse@4.0.0:
dependencies:
rust-result "^1.0.0"
sanitize-html@^1.16.3:
version "1.16.3"
resolved "https://registry.yarnpkg.com/sanitize-html/-/sanitize-html-1.16.3.tgz#96c1b44a36ff7312e1c22a14b05274370ac8bd56"
dependencies:
htmlparser2 "^3.9.0"
lodash.clonedeep "^4.5.0"
lodash.escaperegexp "^4.1.2"
lodash.mergewith "^4.6.0"
postcss "^6.0.14"
srcset "^1.0.0"
xtend "^4.0.0"
sass-graph@^2.2.4:
version "2.2.4"
resolved "https://registry.yarnpkg.com/sass-graph/-/sass-graph-2.2.4.tgz#13fbd63cd1caf0908b9fd93476ad43a51d1e0b49"
@ -6335,6 +6387,13 @@ sprintf-js@~1.0.2:
version "1.0.3"
resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c"
srcset@^1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/srcset/-/srcset-1.0.0.tgz#a5669de12b42f3b1d5e83ed03c71046fc48f41ef"
dependencies:
array-uniq "^1.0.2"
number-is-nan "^1.0.0"
sshpk@^1.7.0:
version "1.13.1"
resolved "https://registry.yarnpkg.com/sshpk/-/sshpk-1.13.1.tgz#512df6da6287144316dc4c18fe1cf1d940739be3"
@ -6562,6 +6621,12 @@ supports-color@^4.0.0, supports-color@^4.2.1, supports-color@^4.4.0:
dependencies:
has-flag "^2.0.0"
supports-color@^5.1.0:
version "5.1.0"
resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-5.1.0.tgz#058a021d1b619f7ddf3980d712ea3590ce7de3d5"
dependencies:
has-flag "^2.0.0"
svgo@^0.7.0:
version "0.7.2"
resolved "https://registry.yarnpkg.com/svgo/-/svgo-0.7.2.tgz#9f5772413952135c6fefbf40afe6a4faa88b4bb5"


@ -12,5 +12,5 @@ signup:
enabled: true
transcoding:
enabled: true
enabled: false
threads: 4
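Review bot: The `transcoding` `enabled` flip (the `true`/`false` pair above `threads: 4`) looks unrelated to comment HTML handling and, judging by print order, turns transcoding off. If this file is a shared config rather than a local override, the change probably belongs in its own commit or should be reverted before merge.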


@ -82,7 +82,6 @@
"request": "^2.81.0",
"rimraf": "^2.5.4",
"safe-buffer": "^5.0.1",
"sanitize-html": "^1.16.3",
"scripty": "^1.5.0",
"sequelize": "4.25.2",
"sequelize-typescript": "^0.6.1",
@ -112,7 +111,6 @@
"@types/node": "^8.0.3",
"@types/pem": "^1.9.3",
"@types/request": "^2.0.3",
"@types/sanitize-html": "^1.14.0",
"@types/sequelize": "^4.0.55",
"@types/sharp": "^0.17.6",
"@types/supertest": "^2.0.3",


@ -1,7 +1,6 @@
import * as validator from 'validator'
import { exists, isDateValid } from '../misc'
import { isActivityPubUrlValid, isBaseActivityValid } from './misc'
import * as sanitizeHtml from 'sanitize-html'
function isVideoCommentCreateActivityValid (activity: any) {
return isBaseActivityValid(activity, 'Create') &&
@ -11,7 +10,6 @@ function isVideoCommentCreateActivityValid (activity: any) {
function isVideoCommentObjectValid (comment: any) {
return comment.type === 'Note' &&
isActivityPubUrlValid(comment.id) &&
sanitizeCommentHTML(comment) &&
isCommentContentValid(comment.content) &&
isActivityPubUrlValid(comment.inReplyTo) &&
isDateValid(comment.published) &&
@ -31,15 +29,6 @@ export {
// ---------------------------------------------------------------------------
function sanitizeCommentHTML (comment: any) {
return sanitizeHtml(comment.content, {
allowedTags: [ 'b', 'i', 'em', 'span', 'a' ],
allowedAttributes: {
'a': [ 'href' ]
}
})
}
function isCommentContentValid (content: any) {
return exists(content) && validator.isLength('' + content, { min: 1 })
}


@ -11,8 +11,9 @@ import { getOrCreateActorAndServerAndModel } from '../actor'
async function processDeleteActivity (activity: ActivityDelete) {
const actor = await getOrCreateActorAndServerAndModel(activity.actor)
const objectUrl = typeof activity.object === 'string' ? activity.object : activity.object.id
if (actor.url === activity.object) {
if (actor.url === objectUrl) {
if (actor.type === 'Person') {
if (!actor.Account) throw new Error('Actor ' + actor.url + ' is a person but we cannot find it in database.')
@ -25,14 +26,14 @@ async function processDeleteActivity (activity: ActivityDelete) {
}
{
const videoCommentInstance = await VideoCommentModel.loadByUrlAndPopulateAccount(activity.object)
const videoCommentInstance = await VideoCommentModel.loadByUrlAndPopulateAccount(objectUrl)
if (videoCommentInstance) {
return processDeleteVideoComment(actor, videoCommentInstance)
}
}
{
const videoInstance = await VideoModel.loadByUrlAndPopulateAccount(activity.object)
const videoInstance = await VideoModel.loadByUrlAndPopulateAccount(objectUrl)
if (videoInstance) {
return processDeleteVideo(actor, videoInstance)
}
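Review bot: `objectUrl` is derived from a remote activity without checking the shape of `activity.object`: `typeof null` is `'object'`, so a Delete whose `object` is null throws on `.id`, and an object lacking `id` passes `undefined` into both `loadByUrlAndPopulateAccount` lookups. Unless an upstream validator (not visible here) already guarantees the shape, write the object branch of the ternary as `activity.object && activity.object.id` and follow the assignment with `if (typeof objectUrl !== 'string') throw new Error('Delete activity object has no id.')`. The function body continues outside the hunk.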


@ -39,7 +39,7 @@ export interface ActivityUpdate extends BaseActivity {
export interface ActivityDelete extends BaseActivity {
type: 'Delete'
object: string
object: string | { id: string }
}
export interface ActivityFollow extends BaseActivity {


@ -150,10 +150,6 @@
"@types/form-data" "*"
"@types/node" "*"
"@types/sanitize-html@^1.14.0":
version "1.14.0"
resolved "https://registry.yarnpkg.com/@types/sanitize-html/-/sanitize-html-1.14.0.tgz#9a03ec58306e24feaa3fbdb8ab593934d53ecb05"
"@types/sequelize@4.0.79", "@types/sequelize@^4.0.55":
version "4.0.79"
resolved "https://registry.yarnpkg.com/@types/sequelize/-/sequelize-4.0.79.tgz#74c366407a978e493e70d7cea3d80c681aed15c0"
@ -352,7 +348,7 @@ array-union@^1.0.1:
dependencies:
array-uniq "^1.0.1"
array-uniq@^1.0.1, array-uniq@^1.0.2:
array-uniq@^1.0.1:
version "1.0.3"
resolved "https://registry.yarnpkg.com/array-uniq/-/array-uniq-1.0.3.tgz#af6ac877a25cc7f74e058894753858dfdb24fdb6"
@ -802,7 +798,7 @@ chalk@^1.0.0, chalk@^1.1.1, chalk@^1.1.3:
strip-ansi "^3.0.0"
supports-color "^2.0.0"
chalk@^2.0.0, chalk@^2.0.1, chalk@^2.1.0, chalk@^2.3.0:
chalk@^2.0.0, chalk@^2.0.1, chalk@^2.1.0:
version "2.3.0"
resolved "https://registry.yarnpkg.com/chalk/-/chalk-2.3.0.tgz#b5ea48efc9c1793dccc9b4767c93914d3f2d52ba"
dependencies:
@ -1240,34 +1236,6 @@ doctrine@^2.0.0:
dependencies:
esutils "^2.0.2"
dom-serializer@0:
version "0.1.0"
resolved "https://registry.yarnpkg.com/dom-serializer/-/dom-serializer-0.1.0.tgz#073c697546ce0780ce23be4a28e293e40bc30c82"
dependencies:
domelementtype "~1.1.1"
entities "~1.1.1"
domelementtype@1, domelementtype@^1.3.0:
version "1.3.0"
resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-1.3.0.tgz#b17aed82e8ab59e52dd9c19b1756e0fc187204c2"
domelementtype@~1.1.1:
version "1.1.3"
resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-1.1.3.tgz#bd28773e2642881aec51544924299c5cd822185b"
domhandler@^2.3.0:
version "2.4.1"
resolved "https://registry.yarnpkg.com/domhandler/-/domhandler-2.4.1.tgz#892e47000a99be55bbf3774ffea0561d8879c259"
dependencies:
domelementtype "1"
domutils@^1.5.1:
version "1.6.2"
resolved "https://registry.yarnpkg.com/domutils/-/domutils-1.6.2.tgz#1958cc0b4c9426e9ed367fb1c8e854891b0fa3ff"
dependencies:
dom-serializer "0"
domelementtype "1"
dot-prop@^4.1.0:
version "4.2.0"
resolved "https://registry.yarnpkg.com/dot-prop/-/dot-prop-4.2.0.tgz#1f19e0c2e1aa0e32797c49799f2837ac6af69c57"
@ -1322,10 +1290,6 @@ end-of-stream@^1.0.0, end-of-stream@^1.1.0:
dependencies:
once "^1.4.0"
entities@^1.1.1, entities@~1.1.1:
version "1.1.1"
resolved "https://registry.yarnpkg.com/entities/-/entities-1.1.1.tgz#6e5c2d0a5621b5dadaecef80b90edfb5cd7772f0"
error-ex@^1.2.0:
version "1.3.1"
resolved "https://registry.yarnpkg.com/error-ex/-/error-ex-1.3.1.tgz#f855a86ce61adc4e8621c3cda21e7a7612c3a8dc"
@ -2125,17 +2089,6 @@ homedir-polyfill@^1.0.1:
dependencies:
parse-passwd "^1.0.0"
htmlparser2@^3.9.0:
version "3.9.2"
resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-3.9.2.tgz#1bdf87acca0f3f9e53fa4fcceb0f4b4cbb00b338"
dependencies:
domelementtype "^1.3.0"
domhandler "^2.3.0"
domutils "^1.5.1"
entities "^1.1.1"
inherits "^2.0.1"
readable-stream "^2.0.2"
http-errors@1.6.2, http-errors@~1.6.2:
version "1.6.2"
resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.6.2.tgz#0a002cc85707192a7e7946ceedc11155f60ec736"
@ -2669,10 +2622,6 @@ lodash.assign@^3.0.0:
lodash._createassigner "^3.0.0"
lodash.keys "^3.0.0"
lodash.clonedeep@^4.5.0:
version "4.5.0"
resolved "https://registry.yarnpkg.com/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz#e23f3f9c4f8fbdde872529c1071857a086e5ccef"
lodash.cond@^4.3.0:
version "4.5.2"
resolved "https://registry.yarnpkg.com/lodash.cond/-/lodash.cond-4.5.2.tgz#f471a1da486be60f6ab955d17115523dd1d255d5"
@ -2684,10 +2633,6 @@ lodash.defaults@^3.1.2:
lodash.assign "^3.0.0"
lodash.restparam "^3.0.0"
lodash.escaperegexp@^4.1.2:
version "4.1.2"
resolved "https://registry.yarnpkg.com/lodash.escaperegexp/-/lodash.escaperegexp-4.1.2.tgz#64762c48618082518ac3df4ccf5d5886dae20347"
lodash.isarguments@^3.0.0:
version "3.1.0"
resolved "https://registry.yarnpkg.com/lodash.isarguments/-/lodash.isarguments-3.1.0.tgz#2f573d85c6a24289ff00663b491c1d338ff3458a"
@ -2704,10 +2649,6 @@ lodash.keys@^3.0.0:
lodash.isarguments "^3.0.0"
lodash.isarray "^3.0.0"
lodash.mergewith@^4.6.0:
version "4.6.0"
resolved "https://registry.yarnpkg.com/lodash.mergewith/-/lodash.mergewith-4.6.0.tgz#150cf0a16791f5903b8891eab154609274bdea55"
lodash.restparam@^3.0.0:
version "3.6.1"
resolved "https://registry.yarnpkg.com/lodash.restparam/-/lodash.restparam-3.6.1.tgz#936a4e309ef330a7645ed4145986c85ae5b20805"
@ -3416,14 +3357,6 @@ pluralize@^1.2.1:
version "1.2.1"
resolved "https://registry.yarnpkg.com/pluralize/-/pluralize-1.2.1.tgz#d1a21483fd22bb41e58a12fa3421823140897c45"
postcss@^6.0.14:
version "6.0.14"
resolved "https://registry.yarnpkg.com/postcss/-/postcss-6.0.14.tgz#5534c72114739e75d0afcf017db853099f562885"
dependencies:
chalk "^2.3.0"
source-map "^0.6.1"
supports-color "^4.4.0"
postgres-array@~1.0.0:
version "1.0.2"
resolved "https://registry.yarnpkg.com/postgres-array/-/postgres-array-1.0.2.tgz#8e0b32eb03bf77a5c0a7851e0441c169a256a238"
@ -3808,18 +3741,6 @@ safe-buffer@5.1.1, safe-buffer@^5.0.0, safe-buffer@^5.0.1, safe-buffer@^5.1.0, s
version "5.1.1"
resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz#893312af69b2123def71f57889001671eeb2c853"
sanitize-html@^1.16.3:
version "1.16.3"
resolved "https://registry.yarnpkg.com/sanitize-html/-/sanitize-html-1.16.3.tgz#96c1b44a36ff7312e1c22a14b05274370ac8bd56"
dependencies:
htmlparser2 "^3.9.0"
lodash.clonedeep "^4.5.0"
lodash.escaperegexp "^4.1.2"
lodash.mergewith "^4.6.0"
postcss "^6.0.14"
srcset "^1.0.0"
xtend "^4.0.0"
scripty@^1.5.0:
version "1.7.2"
resolved "https://registry.yarnpkg.com/scripty/-/scripty-1.7.2.tgz#92367b724cb77b086729691f7b01aa57f3ddd356"
@ -4045,7 +3966,7 @@ source-map@^0.5.6:
version "0.5.7"
resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.5.7.tgz#8a039d2d1021d22d1ea14c80d8ea468ba2ef3fcc"
source-map@^0.6.0, source-map@^0.6.1:
source-map@^0.6.0:
version "0.6.1"
resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.6.1.tgz#74722af32e9614e9c287a8d0bbde48b5e2f1a263"
@ -4073,13 +3994,6 @@ sprintf-js@~1.0.2:
version "1.0.3"
resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c"
srcset@^1.0.0:
version "1.0.0"
resolved "https://registry.yarnpkg.com/srcset/-/srcset-1.0.0.tgz#a5669de12b42f3b1d5e83ed03c71046fc48f41ef"
dependencies:
array-uniq "^1.0.2"
number-is-nan "^1.0.0"
sshpk@^1.7.0:
version "1.13.1"
resolved "https://registry.yarnpkg.com/sshpk/-/sshpk-1.13.1.tgz#512df6da6287144316dc4c18fe1cf1d940739be3"
@ -4265,7 +4179,7 @@ supports-color@^3.2.3:
dependencies:
has-flag "^1.0.0"
supports-color@^4.0.0, supports-color@^4.4.0:
supports-color@^4.0.0:
version "4.5.0"
resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-4.5.0.tgz#be7a0de484dec5c5cddf8b3d59125044912f635b"
dependencies: