Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-27 09:06:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: improper sanitization and parsing in mocks.note

Browse Source 
- sanitize-html invocation was stripping out images by default, now added as an exception
- only post content was passsed into filter:parse.post, but hook expects post summary
This commit is contained in:
Julian Lam
2024-06-19 11:23:26 -04:00
parent 5a2fa52ccc
commit 59818031bc
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/activitypub/mocks.js
View File

@@ -22,6 +22,7 @@ const Mocks = module.exports;
* Done so the output HTML is stripped of all non-essential items; mainly classes from plugins.. * Done so the output HTML is stripped of all non-essential items; mainly classes from plugins..
*/ */
const sanitizeConfig = { const sanitizeConfig = {
allowedTags: sanitize.defaults.allowedTags.concat(['img']),
allowedClasses: { allowedClasses: {
'*': [], '*': [],
}, },
@@ -286,9 +287,8 @@ Mocks.note = async (post) => {
cc.add(followersUrl); cc.add(followersUrl);
} }
const content = await posts.getPostField(post.pid, 'content');
const { postData: parsed } = await plugins.hooks.fire('filter:parse.post', { const { postData: parsed } = await plugins.hooks.fire('filter:parse.post', {
postData: { content }, postData: post,
type: 'activitypub.note', type: 'activitypub.note',
}); });
post.content = sanitize(parsed.content, sanitizeConfig); post.content = sanitize(parsed.content, sanitizeConfig);