LogalDeveloper/owncast
0
Fork 0
Code Activity

better chat message sanitization (#1266)

Browse Source 
* strip <p> in chat sanitization, keep the content

* update sanitization tests

* update tests

* rm <p></p> comparison for empty messages
This commit is contained in:
Meisam
2021-07-28 00:26:27 +02:00
committed by GitHub
parent 92284f6ca1
commit 109d2669ab
4 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
core/chat/messageRendering_test.go
View File

@@ -19,11 +19,11 @@ func TestRenderAndSanitize(t *testing.T) {
<script src="http://hackers.org/hack.js"></script>
`
expected := `<p>Test one two three! I go to <a href="http://yahoo.com" rel="nofollow noreferrer noopener" target="_blank">http://yahoo.com</a> and search for <em>sports</em> and <strong>answers</strong>.
Here is an iframe </p>
expected := `Test one two three! I go to <a href="http://yahoo.com" rel="nofollow noreferrer noopener" target="_blank">http://yahoo.com</a> and search for <em>sports</em> and <strong>answers</strong>.
Here is an iframe
blah blah blah
<p><a href="http://owncast.online" rel="nofollow noreferrer noopener" target="_blank">test link</a>
<img class="emoji" src="/img/emoji/bananadance.gif"></p>`
<a href="http://owncast.online" rel="nofollow noreferrer noopener" target="_blank">test link</a>
<img class="emoji" src="/img/emoji/bananadance.gif">`
result := events.RenderAndSanitize(messageContent)
if result != expected {
@@ -34,7 +34,7 @@ blah blah blah
// Test to make sure we block remote images in chat messages.
func TestBlockRemoteImages(t *testing.T) {
messageContent := `<img src="https://via.placeholder.com/img/emoji/350x150"> test ![](https://via.placeholder.com/img/emoji/350x150)`
expected := `<p> test </p>`
expected := `test`
result := events.RenderAndSanitize(messageContent)
if result != expected {
@@ -45,7 +45,7 @@ func TestBlockRemoteImages(t *testing.T) {
// Test to make sure emoji images are allowed in chat messages.
func TestAllowEmojiImages(t *testing.T) {
messageContent := `<img alt=":beerparrot:" title=":beerparrot:" src="/img/emoji/beerparrot.gif"> test ![](/img/emoji/beerparrot.gif)`
expected := `<p><img alt=":beerparrot:" title=":beerparrot:" src="/img/emoji/beerparrot.gif"> test <img src="/img/emoji/beerparrot.gif"></p>`
expected := `<img alt=":beerparrot:" title=":beerparrot:" src="/img/emoji/beerparrot.gif"> test <img src="/img/emoji/beerparrot.gif">`
result := events.RenderAndSanitize(messageContent)
if result != expected {