Merge commit from fork

* Check scheme in account and post links

* Harden media attachments

* Client-side mitigation

* Client-side mitigation for media attachments
Claire 2025-05-06 15:02:13 +02:00 committed by GitHub
parent 27453ce611
commit 93e6fc9df7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 25 additions and 4 deletions


@ -40,6 +40,10 @@ export function normalizeAccount(account) {
account.moved = account.moved.id;
}
if (!(account.url.startsWith('http://') || account.url.startsWith('https://'))) {
account.url = account.uri;
}
return account;
}
@ -96,6 +100,17 @@ export function normalizeStatus(status, normalOldStatus) {
normalStatus.contentHtml = emojify(normalStatus.content, emojiMap);
normalStatus.spoilerHtml = emojify(escapeTextContentForBrowser(spoilerText), emojiMap);
normalStatus.hidden = expandSpoilers ? false : spoilerText.length > 0 || normalStatus.sensitive;
if (normalStatus.url && !(normalStatus.url.startsWith('http://') || normalStatus.url.startsWith('https://'))) {
normalStatus.url = null;
}
normalStatus.url ||= normalStatus.uri;
normalStatus.media_attachments.forEach(item => {
if (item.remote_url && !(item.remote_url.startsWith('http://') || item.remote_url.startsWith('https://')))
item.remote_url = null;
});
}
if (normalOldStatus) {
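Review bot: The fallback values are not held to the http/https rule applied to the fields they replace. In the `normalizeAccount` hunk `account.url = account.uri`, and in the `normalizeStatus` hunk `normalStatus.url ||= normalStatus.uri`, both copy `uri` unchecked, so the client-side mitigation still depends on the server having validated `uri` (presumably in the other changed files, which are not visible here). The account check also calls `account.url.startsWith` without the truthiness guard that the status and attachment checks use, so a response with no `url` would throw instead of falling back. A small shared predicate (named, say, `isHttpUrl`) would replace the three copies of the prefix test and let the account line read `if (!isHttpUrl(account.url)) account.url = isHttpUrl(account.uri) ? account.uri : null;`, provided the callers tolerate a null `url`. Both function bodies start outside the visible hunks, so an earlier guard on these fields cannot be ruled out.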