OpenCloud
/
PeerTube
mirror of https://github.com/Chocobozzz/PeerTube
1
0
Fork 0
Code Issues Releases Wiki Activity

Correctly escape meta tags

pull/4597/head
Chocobozzz 2021-11-30 08:31:56 +01:00
parent 1ffb76221a
commit 55cb8bc73c
No known key found for this signature in database
GPG Key ID: 583A612D890159BE
2 changed files with 55 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -117,6 +117,7 @@
* Fix player settings menu keyboard navigation * Fix player settings menu keyboard navigation
* Fix player placeholder width * Fix player placeholder width
* Fix playlist miniature size with big description * Fix playlist miniature size with big description
* Correctly escape meta tags
## v3.4.1 ## v3.4.1

105
server/lib/client-html.ts
View File

@ -2,6 +2,7 @@ import express from 'express'
import { readFile } from 'fs-extra' import { readFile } from 'fs-extra'
import { join } from 'path' import { join } from 'path'
import validator from 'validator' import validator from 'validator'
import { toCompleteUUID } from '@server/helpers/custom-validators/misc'
import { escapeHTML } from '@shared/core-utils/renderer' import { escapeHTML } from '@shared/core-utils/renderer'
import { HTMLServerConfig } from '@shared/models' import { HTMLServerConfig } from '@shared/models'
import { buildFileLocale, getDefaultLocale, is18nLocale, POSSIBLE_LOCALES } from '../../shared/core-utils/i18n/i18n' import { buildFileLocale, getDefaultLocale, is18nLocale, POSSIBLE_LOCALES } from '../../shared/core-utils/i18n/i18n'
@ -27,7 +28,6 @@ import { VideoChannelModel } from '../models/video/video-channel'
import { VideoPlaylistModel } from '../models/video/video-playlist' import { VideoPlaylistModel } from '../models/video/video-playlist'
import { MAccountActor, MChannelActor } from '../types/models' import { MAccountActor, MChannelActor } from '../types/models'
import { ServerConfigManager } from './server-config-manager' import { ServerConfigManager } from './server-config-manager'
import { toCompleteUUID } from '@server/helpers/custom-validators/misc'
type Tags = { type Tags = {
ogType: string ogType: string
@ -38,11 +38,12 @@ type Tags = {
numberOfItems: number numberOfItems: number
} }
siteName: string escapedSiteName: string
title: string escapedTitle: string
escapedDescription: string
url: string url: string
originUrl: string originUrl: string
description: string
disallowIndexation?: boolean disallowIndexation?: boolean
@ -100,15 +101,15 @@ class ClientHtml {
res.status(HttpStatusCode.NOT_FOUND_404) res.status(HttpStatusCode.NOT_FOUND_404)
return html return html
} }
const description = mdToPlainText(video.description)
let customHtml = ClientHtml.addTitleTag(html, escapeHTML(video.name)) let customHtml = ClientHtml.addTitleTag(html, video.name)
customHtml = ClientHtml.addDescriptionTag(customHtml, mdToPlainText(video.description)) customHtml = ClientHtml.addDescriptionTag(customHtml, description)
const url = WEBSERVER.URL + video.getWatchStaticPath() const url = WEBSERVER.URL + video.getWatchStaticPath()
const originUrl = video.url const originUrl = video.url
const title = escapeHTML(video.name) const title = video.name
const siteName = escapeHTML(CONFIG.INSTANCE.NAME) const siteName = CONFIG.INSTANCE.NAME
const description = mdToPlainText(video.description)
const image = { const image = {
url: WEBSERVER.URL + video.getPreviewStaticPath() url: WEBSERVER.URL + video.getPreviewStaticPath()
@ -128,9 +129,9 @@ class ClientHtml {
customHtml = ClientHtml.addTags(customHtml, { customHtml = ClientHtml.addTags(customHtml, {
url, url,
originUrl, originUrl,
siteName, escapedSiteName: escapeHTML(siteName),
title, escapedTitle: escapeHTML(title),
description, escapedDescription: escapeHTML(description),
image, image,
embed, embed,
ogType, ogType,
@ -161,14 +162,15 @@ class ClientHtml {
return html return html
} }
let customHtml = ClientHtml.addTitleTag(html, escapeHTML(videoPlaylist.name)) const description = mdToPlainText(videoPlaylist.description)
customHtml = ClientHtml.addDescriptionTag(customHtml, mdToPlainText(videoPlaylist.description))
let customHtml = ClientHtml.addTitleTag(html, videoPlaylist.name)
customHtml = ClientHtml.addDescriptionTag(customHtml, description)
const url = WEBSERVER.URL + videoPlaylist.getWatchStaticPath() const url = WEBSERVER.URL + videoPlaylist.getWatchStaticPath()
const originUrl = videoPlaylist.url const originUrl = videoPlaylist.url
const title = escapeHTML(videoPlaylist.name) const title = videoPlaylist.name
const siteName = escapeHTML(CONFIG.INSTANCE.NAME) const siteName = CONFIG.INSTANCE.NAME
const description = mdToPlainText(videoPlaylist.description)
const image = { const image = {
url: videoPlaylist.getThumbnailUrl() url: videoPlaylist.getThumbnailUrl()
@ -190,10 +192,10 @@ class ClientHtml {
customHtml = ClientHtml.addTags(customHtml, { customHtml = ClientHtml.addTags(customHtml, {
url, url,
originUrl, originUrl,
siteName, escapedSiteName: escapeHTML(siteName),
escapedTitle: escapeHTML(title),
escapedDescription: escapeHTML(description),
embed, embed,
title,
description,
image, image,
list, list,
ogType, ogType,
@ -259,14 +261,15 @@ class ClientHtml {
return ClientHtml.getIndexHTML(req, res) return ClientHtml.getIndexHTML(req, res)
} }
let customHtml = ClientHtml.addTitleTag(html, escapeHTML(entity.getDisplayName())) const description = mdToPlainText(entity.description)
customHtml = ClientHtml.addDescriptionTag(customHtml, mdToPlainText(entity.description))
let customHtml = ClientHtml.addTitleTag(html, entity.getDisplayName())
customHtml = ClientHtml.addDescriptionTag(customHtml, description)
const url = entity.getLocalUrl() const url = entity.getLocalUrl()
const originUrl = entity.Actor.url const originUrl = entity.Actor.url
const siteName = escapeHTML(CONFIG.INSTANCE.NAME) const siteName = CONFIG.INSTANCE.NAME
const title = escapeHTML(entity.getDisplayName()) const title = entity.getDisplayName()
const description = mdToPlainText(entity.description)
const image = { const image = {
url: entity.Actor.getAvatarUrl(), url: entity.Actor.getAvatarUrl(),
@ -281,9 +284,9 @@ class ClientHtml {
customHtml = ClientHtml.addTags(customHtml, { customHtml = ClientHtml.addTags(customHtml, {
url, url,
originUrl, originUrl,
title, escapedTitle: escapeHTML(title),
siteName, escapedSiteName: escapeHTML(siteName),
description, escapedDescription: escapeHTML(description),
image, image,
ogType, ogType,
twitterCard, twitterCard,
@ -367,14 +370,14 @@ class ClientHtml {
let text = title || CONFIG.INSTANCE.NAME let text = title || CONFIG.INSTANCE.NAME
if (title) text += ` - ${CONFIG.INSTANCE.NAME}` if (title) text += ` - ${CONFIG.INSTANCE.NAME}`
const titleTag = `<title>${text}</title>` const titleTag = `<title>${escapeHTML(text)}</title>`
return htmlStringPage.replace(CUSTOM_HTML_TAG_COMMENTS.TITLE, titleTag) return htmlStringPage.replace(CUSTOM_HTML_TAG_COMMENTS.TITLE, titleTag)
} }
private static addDescriptionTag (htmlStringPage: string, description?: string) { private static addDescriptionTag (htmlStringPage: string, description?: string) {
const content = description || CONFIG.INSTANCE.SHORT_DESCRIPTION const content = description || CONFIG.INSTANCE.SHORT_DESCRIPTION
const descriptionTag = `<meta name="description" content="${content}" />` const descriptionTag = `<meta name="description" content="${escapeHTML(content)}" />`
return htmlStringPage.replace(CUSTOM_HTML_TAG_COMMENTS.DESCRIPTION, descriptionTag) return htmlStringPage.replace(CUSTOM_HTML_TAG_COMMENTS.DESCRIPTION, descriptionTag)
} }
@ -406,8 +409,8 @@ class ClientHtml {
private static generateOpenGraphMetaTags (tags: Tags) { private static generateOpenGraphMetaTags (tags: Tags) {
const metaTags = { const metaTags = {
'og:type': tags.ogType, 'og:type': tags.ogType,
'og:site_name': tags.siteName, 'og:site_name': tags.escapedSiteName,
'og:title': tags.title, 'og:title': tags.escapedTitle,
'og:image': tags.image.url 'og:image': tags.image.url
} }
@ -417,7 +420,7 @@ class ClientHtml {
} }
metaTags['og:url'] = tags.url metaTags['og:url'] = tags.url
metaTags['og:description'] = mdToPlainText(tags.description) metaTags['og:description'] = tags.escapedDescription
if (tags.embed) { if (tags.embed) {
metaTags['og:video:url'] = tags.embed.url metaTags['og:video:url'] = tags.embed.url
@ -432,8 +435,8 @@ class ClientHtml {
private static generateStandardMetaTags (tags: Tags) { private static generateStandardMetaTags (tags: Tags) {
return { return {
name: tags.title, name: tags.escapedTitle,
description: mdToPlainText(tags.description), description: tags.escapedDescription,
image: tags.image.url image: tags.image.url
} }
} }
@ -442,8 +445,8 @@ class ClientHtml {
const metaTags = { const metaTags = {
'twitter:card': tags.twitterCard, 'twitter:card': tags.twitterCard,
'twitter:site': CONFIG.SERVICES.TWITTER.USERNAME, 'twitter:site': CONFIG.SERVICES.TWITTER.USERNAME,
'twitter:title': tags.title, 'twitter:title': tags.escapedTitle,
'twitter:description': tags.description, 'twitter:description': tags.escapedDescription,
'twitter:image': tags.image.url 'twitter:image': tags.image.url
} }
@ -465,8 +468,8 @@ class ClientHtml {
const schema = { const schema = {
'@context': 'http://schema.org', '@context': 'http://schema.org',
'@type': tags.schemaType, '@type': tags.schemaType,
'name': tags.title, 'name': tags.escapedTitle,
'description': tags.description, 'description': tags.escapedDescription,
'image': tags.image.url, 'image': tags.image.url,
'url': tags.url 'url': tags.url
} }
@ -496,59 +499,59 @@ class ClientHtml {
const twitterCardMetaTags = this.generateTwitterCardMetaTags(tagsValues) const twitterCardMetaTags = this.generateTwitterCardMetaTags(tagsValues)
const schemaTags = this.generateSchemaTags(tagsValues) const schemaTags = this.generateSchemaTags(tagsValues)
const { url, title, embed, originUrl, disallowIndexation } = tagsValues const { url, escapedTitle, embed, originUrl, disallowIndexation } = tagsValues
const oembedLinkTags: { type: string, href: string, title: string }[] = [] const oembedLinkTags: { type: string, href: string, escapedTitle: string }[] = []
if (embed) { if (embed) {
oembedLinkTags.push({ oembedLinkTags.push({
type: 'application/json+oembed', type: 'application/json+oembed',
href: WEBSERVER.URL + '/services/oembed?url=' + encodeURIComponent(url), href: WEBSERVER.URL + '/services/oembed?url=' + encodeURIComponent(url),
title escapedTitle
}) })
} }
let tagsString = '' let tagsStr = ''
// Opengraph // Opengraph
Object.keys(openGraphMetaTags).forEach(tagName => { Object.keys(openGraphMetaTags).forEach(tagName => {
const tagValue = openGraphMetaTags[tagName] const tagValue = openGraphMetaTags[tagName]
tagsString += `<meta property="${tagName}" content="${tagValue}" />` tagsStr += `<meta property="${tagName}" content="${tagValue}" />`
}) })
// Standard // Standard
Object.keys(standardMetaTags).forEach(tagName => { Object.keys(standardMetaTags).forEach(tagName => {
const tagValue = standardMetaTags[tagName] const tagValue = standardMetaTags[tagName]
tagsString += `<meta property="${tagName}" content="${tagValue}" />` tagsStr += `<meta property="${tagName}" content="${tagValue}" />`
}) })
// Twitter card // Twitter card
Object.keys(twitterCardMetaTags).forEach(tagName => { Object.keys(twitterCardMetaTags).forEach(tagName => {
const tagValue = twitterCardMetaTags[tagName] const tagValue = twitterCardMetaTags[tagName]
tagsString += `<meta property="${tagName}" content="${tagValue}" />` tagsStr += `<meta property="${tagName}" content="${tagValue}" />`
}) })
// OEmbed // OEmbed
for (const oembedLinkTag of oembedLinkTags) { for (const oembedLinkTag of oembedLinkTags) {
tagsString += `<link rel="alternate" type="${oembedLinkTag.type}" href="${oembedLinkTag.href}" title="${oembedLinkTag.title}" />` tagsStr += `<link rel="alternate" type="${oembedLinkTag.type}" href="${oembedLinkTag.href}" title="${oembedLinkTag.escapedTitle}" />`
} }
// Schema.org // Schema.org
if (schemaTags) { if (schemaTags) {
tagsString += `<script type="application/ld+json">${JSON.stringify(schemaTags)}</script>` tagsStr += `<script type="application/ld+json">${JSON.stringify(schemaTags)}</script>`
} }
// SEO, use origin URL // SEO, use origin URL
tagsString += `<link rel="canonical" href="${originUrl}" />` tagsStr += `<link rel="canonical" href="${originUrl}" />`
if (disallowIndexation) { if (disallowIndexation) {
tagsString += `<meta name="robots" content="noindex" />` tagsStr += `<meta name="robots" content="noindex" />`
} }
return htmlStringPage.replace(CUSTOM_HTML_TAG_COMMENTS.META_TAGS, tagsString) return htmlStringPage.replace(CUSTOM_HTML_TAG_COMMENTS.META_TAGS, tagsStr)
} }
} }